Lucene search
K

4207 matches found

NCSC
NCSC
•added 2023/09/11 12:0 a.m.•5 views

Vulnerabilities fixed in IBM Aspera Faspex

IBM has fixed vulnerabilities in Aspera Faspex. A malicious party could exploit the vulnerabilities to circumvent a security measure, perform a Man-In-The-Middle attack or perform a Cross-Site-Scripting XSS attack and gain access to sensitive data, or to execute code execute code in the context o...

7.5CVSS6.9AI score0.00819EPSS
Exploits0
NCSC
NCSC
•added 2023/09/11 12:0 a.m.•8 views

Vulnerabilities fixed in Notepad++

Vulnerabilities have been fixed in Notepad++. A malicious person could exploit the vulnerabilities to gain access to memory locations to which the malicious party is not authorized, or potentially execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious...

7.8CVSS8AI score0.00549EPSS
Exploits4
NCSC
NCSC
•added 2023/09/08 12:0 a.m.•4 views

ZeroDay vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed two ZeroDay vulnerabilities in iOS and iPadOS. A malicious person could exploit the vulnerabilities to execute arbitrary execute arbitrary code as a user of the system. Successful exploitation requires the malicious party to trick the victim into opening a rogue image, or opening ...

7.8CVSS7.4AI score0.15263EPSS
Exploits2
NCSC
NCSC
•added 2023/09/08 12:0 a.m.•5 views

ZeroDay vulnerability fixed in Apple macOS

Apple has fixed a ZeroDay vulnerability in macOS. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code as a user. For successful exploitation, the malicious party must trick the victim into opening a rogue image. Apple reports having reports that the...

7.8CVSS7.4AI score0.15263EPSS
Exploits2
NCSC
NCSC
•added 2023/09/07 12:0 a.m.•56 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Increased user privileges The most serious...

9.8CVSS7.9AI score0.02203EPSS
Exploits0
NCSC
NCSC
•added 2023/09/07 12:0 a.m.•7 views

Vulnerability fixed in Cisco Identity Services Engine

Cisco has fixed a vulnerability in Identity Services Engine. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. The vulnerability is located in the way RADIUS is processed. Sending specially prepared RADIUS packets can cause the system stop processin...

8.6CVSS7AI score0.00758EPSS
Exploits0
NCSC
NCSC
•added 2023/09/07 12:0 a.m.•3 views

Vulnerability fixed in Cisco ASA and Firepower systems

Cisco has fixed a vulnerability in Adaptive Security Appliance and Firepower Threat Defense. The vulnerability is located in the way the Remote Access VPN handles login attempts, allowing a malicious party to use brute-force access to user accounts and potentially take over the system. take over...

9.1CVSS6.9AI score0.21583EPSS
Exploits0
NCSC
NCSC
•added 2023/09/07 12:0 a.m.•5 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to circumvent security measures bypass security measures, gain access to system data or execute code execute code in the context of the browser. Successful exploitation requires the malicious party to...

8.8CVSS7.4AI score0.37987EPSS
Exploits2
NCSC
NCSC
•added 2023/09/07 12:0 a.m.•6 views

Vulnerabilities fixed in Zoom

Zoom has fixed vulnerabilities in the clients of Zoom and Zoom Rooms. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, gain access to system data or cause a denial-of-service. To cause a Denial-of-Service, the malicious party does not need prior...

9.8CVSS7AI score0.01392EPSS
Exploits0
NCSC
NCSC
•added 2023/09/07 12:0 a.m.•2 views

Vulnerabilities fixed in Cacti

The developers of Cacti have fixed vulnerabilities in several modules of Cacti. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights Remote code execution User righ...

9.8CVSS7.6AI score0.87688EPSS
Exploits23
NCSC
NCSC
•added 2023/09/01 12:0 a.m.•63 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Access to syst...

7.5CVSS7AI score0.00711EPSS
Exploits0
NCSC
NCSC
•added 2023/09/01 12:0 a.m.•3 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Chrome. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code in the context of the browser. For successful abuse, the malicious party must trick the victim into opening a rogue Web page. Google has released updates to...

8.8CVSS7.7AI score0.0088EPSS
Exploits0
NCSC
NCSC
•added 2023/08/31 12:0 a.m.•4 views

Vulnerability fixed in Juniper JunOS and JunOS Evolved

Juniper has fixed a vulnerability in JunOS and JunOS Evolved. A malicious party could exploit the vulnerability to cause a denial-of-service attack. The vulnerability is in the way BGP UPDATEs are processed. When a specially prepared UPDATE is sent, it can cause the connection to be dropped...

7.5CVSS6.8AI score0.15143EPSS
Exploits0
NCSC
NCSC
•added 2023/08/31 12:0 a.m.•5 views

Vulnerability fixed in VMware Tools

VMware has fixed a vulnerability in VMware Tools for Windows and Linux. A malicious party could use a man-in-the-middle attack to bypass SAML tokens and thus manipulate the operation of VMware Guests manipulate. As a result, the malicious party could potentially gain access to sensitive data or...

7.5CVSS7.6AI score0.01193EPSS
Exploits0
NCSC
NCSC
•added 2023/08/31 12:0 a.m.•20 views

Vulnerabilities fixed in VMware Aria Operations Networks

VMWare has fixed vulnerabilities in Aria Operations Networks, formerly known as vRealize Network Insight. A malicious party could exploit the vulnerabilities to bypass authentication, or to execute arbitrary code on the underlying system. The most serious vulnerability has been given attribute...

9.8CVSS7.8AI score0.64194EPSS
Exploits9
NCSC
NCSC
•added 2023/08/31 12:0 a.m.•6 views

Vulnerabilities fixed in Splunk Enterprise

Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to grant himself elevated privileges granted to itself and to execute arbitrary code with permissions from the application. Included in these updates are update...

8.8CVSS7.9AI score0.00816EPSS
Exploits0
NCSC
NCSC
•added 2023/08/31 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing...

8.8CVSS7.4AI score0.00756EPSS
Exploits0
NCSC
NCSC
•added 2023/08/28 12:0 a.m.•5 views

Vulnerabilities fixed in 7-zip

Vulnerabilities have been fixed in 7-zip. The vulnerabilities are located in the way 7Z and SQFS files are processed and allow a malicious person to execute arbitrary code execute arbitrary code in the context of the user. Successful exploitation requires the malicious party to trick the victim...

7.8CVSS7.7AI score0.7104EPSS
Exploits0
NCSC
NCSC
•added 2023/08/28 12:0 a.m.•3 views

Vulnerability fixed in Apache Tomcat

Apache Foundation has fixed a vulnerability in Tomcat. The vulnerability is in the way authentication via FORM is implemented and allows a malicious party to execute an open redirect. This can lead to Cross-Site Scripting Attacks. Such an attack can lead to execution of arbitrary code in the...

6.1CVSS8.6AI score0.05972EPSS
Exploits0
NCSC
NCSC
•added 2023/08/24 12:0 a.m.•8 views

Vulnerability fixed in Cisco Firepower and UCS

Cisco has fixed a vulnerability in Firepower 4100 and 9300 systems and in UCS 6300 systems. The vulnerability is located in SNMP handling and allows a malicious party to cause a denial-of-service exploit. Cisco has released updates to fix the vulnerability in the vulnerable UCS and Firepower...

7.7CVSS6.8AI score0.00509EPSS
Exploits0
NCSC
NCSC
•added 2023/08/23 12:0 a.m.•5 views

Vulnerability fixed in Zimbra

Zimbra has fixed a vulnerability in Zimbra Collaboration. An unauthenticated malicious person could exploit the vulnerability to gain access to a user account and thus potentially gain access to sensitive data in the context of that account. To the best of our knowledge, no user interaction is...

7.5CVSS6.8AI score0.00865EPSS
Exploits0
NCSC
NCSC
•added 2023/08/23 12:0 a.m.•6 views

Vulnerabilities fixed in Rarlab WinRAR

Rarlab has fixed vulnerabilities in WinRAR. A malicious person could exploit the vulnerabilities to execute arbitrary execute arbitrary code with user privileges. The vulnerability with reference CVE-2023-40477 is located in the way How WinRAR handles Recovery Volumes. A malicious party can creat...

7.8CVSS8.1AI score0.97798EPSS
Exploits50
NCSC
NCSC
•added 2023/08/23 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the browser, or gain access to sensitive data in the context of the browser. Successful exploitation requires the malicious party to trick the victim into...

8.8CVSS7.5AI score0.3398EPSS
Exploits0
NCSC
NCSC
•added 2023/08/22 12:0 a.m.•4 views

Vulnerability fixed in Ivanti MobileIron Sentry

Ivanti has fixed a vulnerability in MobileIron Sentry. A unauthenticated malicious person with access to the management interface could exploit the vulnerability to use API calls to manipulate the Sentry system and execute commands with administrator privileges. For successful misuse, the malicio...

9.8CVSS7.2AI score0.99949EPSS
Exploits6
NCSC
NCSC
•added 2023/08/22 12:0 a.m.•7 views

Vulnerabilities fixed in Sonicwall

SonicWall has fixed vulnerabilities in Global Management System GMS and Analytics. A malicious party could exploit them to launch attacks that could result in the following categories of damage: Manipulation of data. Bypassing authentication Circumvention of security measure Remote code execution...

9.8CVSS8.2AI score0.86296EPSS
Exploits2
NCSC
NCSC
•added 2023/08/21 12:0 a.m.•17 views

Vulnerabilities fixed in IBM Cognos Analytics

IBM has fixed vulnerabilities in Cognos Analytics. A malicious party could exploit the vulnerabilities to perform a Server-Site-Request-Forgery attack in order to collect system information without prior authorizations to collect system information. Also, a malicious party could potentially execu...

7.3CVSS7.5AI score0.01411EPSS
Exploits0
NCSC
NCSC
•added 2023/08/18 12:0 a.m.•5 views

Vulnerabilities fixed in Juniper JunOS

Juniper has fixed vulnerabilities in the PHP layer of J-web, running on EX and SRX series systems. An unauthenticated malicious person with access to J-web could exploit the vulnerabilities to bypass security measures, manipulate settings and upload arbitrary files to the vulnerable system. In...

9.8CVSS7.6AI score0.94205EPSS
Exploits28
NCSC
NCSC
•added 2023/08/18 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Access to...

8.8CVSS7.6AI score0.45912EPSS
Exploits2
NCSC
NCSC
•added 2023/08/18 12:0 a.m.•13 views

Vulnerability fixed in Cisco Unified Communications

Cisco has fixed a vulnerability in Unified Communications Manager CM, Unified CM Session Management Edition SME and Unified Communications Manager IM & Presence Service IM&P. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to...

6.1CVSS7.2AI score0.00394EPSS
Exploits0
NCSC
NCSC
•added 2023/08/14 12:0 a.m.•6 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. In addition to the vulnerabilities in OpenSSL, for which the NCSC has published previous security advisories published, a vulnerability has also been fixed in the urllib.parse component. Because proper input validation does not take place, it is possible...

7.5CVSS6.9AI score0.75116EPSS
Exploits5
NCSC
NCSC
•added 2023/08/11 12:0 a.m.•5 views

Vulnerabilities fixed in OPNSense

Vulnerabilities have been fixed in OPNSense. A malicious party could exploit the vulnerabilities to grant himself elevated privileges granted, execute arbitrary code on the system or access gain access to system data. For successful abuse, the malicious party needs prior authentication required...

9.8CVSS7.1AI score0.02977EPSS
Exploits12
NCSC
NCSC
•added 2023/08/09 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader

Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights Acces...

7.8CVSS7.7AI score0.04613EPSS
Exploits0
NCSC
NCSC
•added 2023/08/09 12:0 a.m.•15 views

Vulnerabilities fixed in Adobe Dimension

Adobe has fixed vulnerabilities in Dimension. A malicious person could exploit the vulnerabilities to execute arbitrary code in the victim's scope, or to gain access to sensitive data in the victim's scope. For successful exploitation, the malicious party must trick the victim into opening a rogu...

7.8CVSS7.6AI score0.003EPSS
Exploits0
NCSC
NCSC
•added 2023/08/09 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to gain access to system data, or to grant himself elevated privileges and execute arbitrary code with elevated privileges. To obtain elevated privileges and execute code, the the maliciou...

9.1CVSS7.9AI score0.02269EPSS
Exploits0
NCSC
NCSC
•added 2023/08/09 12:0 a.m.•2 views

Vulnerability fixed in Intel processors

A vulnerability has been fixed in the microcode of several Intel processors1. The vulnerability has been named "Downfall" and allows a local, authenticated malicious person to manipulate the operation of memory optimization. This allows the malicious party to gain access to memory locations...

6.5CVSS6.4AI score0.03882EPSS
Exploits1
NCSC
NCSC
•added 2023/08/09 12:0 a.m.•3 views

Vulnerability fixed in AMD processors

A vulnerability has been fixed in the microcode of AMD processors. The vulnerability has been named "Inception" and enables a local, authenticated malicious person to manipulate the operation of the Predictive Algorithms, which could circumvent measures in place to prevent unauthorized instructio...

4.7CVSS6.7AI score0.0616EPSS
Exploits1
NCSC
NCSC
•added 2023/08/09 12:0 a.m.•6 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including Business Objects, Netweaver and Powerdesigner. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Bypassing...

9.8CVSS7.6AI score0.01041EPSS
Exploits0
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•11 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange. A malicious party could exploit the vulnerabilities to impersonate as another user and execute arbitrary code with privileges of that user, or gain access to the sensitive data in the victim's context. The most serious vulnerability has been given...

9.8CVSS7.4AI score0.16813EPSS
Exploits0
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•7 views

Vulnerability fixed in Mirth Connect

A vulnerability has been fixed in Mirth Connect. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Because Mirth Connect without additional configuration by default installed with elevated privileges by default, it cannot be...

9.8CVSS7.6AI score0.96129EPSS
Exploits12
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•12 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer tools. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Spoofing Access to sensitive data...

8.8CVSS7.7AI score0.74288EPSS
Exploits1
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to afford elevated privileges, or execute arbitrary code with user privileges. Successful exploitation requires the malicious party to trick the victim into following a rogue link or opening a rog...

7.2CVSS7.3AI score0.01248EPSS
Exploits0
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•6 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in OLEDB, a component used by clients to communicate with SQL Server. A malicious party could exploit the vulnerability to execute arbitrary execute arbitrary code on the client using OLEDB. The malicious party must trick the victim into contacting a rogue SQL...

8.8CVSS7.9AI score0.01221EPSS
Exploits0
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•71 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories of...

9.8CVSS7.6AI score0.01032EPSS
Exploits1
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•13 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in Parasolid, Solid Edge, TeamCenter, SoftwareCenter, SIMATIC, SICAM and Ruggedcom products. The vulnerabilities potentially enable a malicious party to execute attacks that could result in the following categories of damage: Denial-of-Service DoS. Manipulation o...

9.8CVSS7.7AI score0.59501EPSS
Exploits1
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially gaining access gain access to sensitive data in the victim's context, or execute code with the victim's privileges. Successful exploitation...

7CVSS6.5AI score0.01314EPSS
Exploits0
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to impersonate another user and potentially gain access gain access to sensitive data. These updates also additionally...

8.8CVSS7.7AI score0.98998EPSS
Exploits3
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

9.8CVSS7.7AI score0.12053EPSS
Exploits2
NCSC
NCSC
•added 2023/08/07 12:0 a.m.•8 views

Vulnerability fixed in Ivanti Endpoint manager Mobile (EPMM, formerly MobileIron Core).

A vulnerability has been fixed in Ivanti Endpoint Manager formerly MobileIron Core. An unauthenticated malicious person could exploit the vulnerability to access arbitrary files thus gaining access to sensitive data and potentially execute arbitrary code on the vulnerable system. This vulnerabili...

10CVSS7.5AI score0.99999EPSS
Exploits4
NCSC
NCSC
•added 2023/08/04 12:0 a.m.•7 views

Vulnerabilities fixed in VMware Horizon

VMware has fixed vulnerabilities in Horizon Server. A unauthenticated malicious party could exploit the vulnerabilities to gain access to system data, or through an HTTP-Request Smuggling potentially to gain access to sensitive data. The vulnerabilities are not present in the latest version of...

5.3CVSS7.2AI score0.00409EPSS
Exploits0
NCSC
NCSC
•added 2023/08/04 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Successful...

8.8CVSS7.6AI score0.24116EPSS
Exploits0
Total number of security vulnerabilities4207