Lucene search
K

4207 matches found

NCSC
NCSC
•added 2023/08/03 12:0 a.m.•5 views

Vulnerability discovered in Cisco Secure Web Appliance

A vulnerability has been discovered in Cisco Secure Web Appliance. The vulnerability is in how the scanning process handles with deflate, lzma and brotli content types. The deflate content type is not enabled by default. Izma and brotli are. A malicious party can exploit the vulnerabilities to pa...

5.8CVSS7.2AI score0.00476EPSS
Exploits0
NCSC
NCSC
•added 2023/08/03 12:0 a.m.•102 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

Vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. An authenticated malicious party can exploit the vulnerabilities to exploit attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Bypassing...

9.8CVSS7AI score0.63765EPSS
Exploits2
NCSC
NCSC
•added 2023/08/03 12:0 a.m.•4 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed vulnerabilities in BIG-IP. An authenticated malicious person with access to the management interface, or access to the shell of the system, could exploit the vulnerabilities to cause a Denial-of-Service, obtain sensitive information or, through a Cross-Site-Scripting attack, execute...

7.5CVSS7.5AI score0.00453EPSS
Exploits0
NCSC
NCSC
•added 2023/08/03 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code...

9.8CVSS8.6AI score0.13694EPSS
Exploits1
NCSC
NCSC
•added 2023/08/03 12:0 a.m.•6 views

Vulnerabilities fixed in Brocade FabricOS

Vulnerabilities have been fixed in Brocade FabricOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Data manipulation. Remote code execution...

7.8CVSS7.5AI score0.00519EPSS
Exploits0
NCSC
NCSC
•added 2023/08/02 12:0 a.m.•6 views

Vulnerability fixed in Splunk SOAR

Splunk has fixed a vulnerability in Splunk SOAR. The vulnerability allows an unauthenticated malicious person to inject inject ANSI escape code into a log file. To do so, the malicious party must send a specially prepared HTTP request to the Spunk SOAR instance. When this log file is read in a...

8.6CVSS7.3AI score0.00281EPSS
Exploits0
NCSC
NCSC
•added 2023/08/01 12:0 a.m.•7 views

Vulnerability discovered in Supermicro BMC firmware

A vulnerability has been discovered in the Baseboard Management Controller BMC of Supermicro X12, X13, H12 and H13 systems. A malicious person with access to the data center, could exploit it to change arbitrary settings and thereby alter the operation of the Supermicro systems through the...

9.8CVSS6.9AI score0.01542EPSS
Exploits1
NCSC
NCSC
•added 2023/07/31 12:0 a.m.•30 views

Vulnerability fixed in Ivanti Endpoint Manager

Ivanti has fixed a vulnerability in Endpoint Manager. A malicious person with administrator privileges can exploit the vulnerability exploit to execute arbitrary OS commands with, among other among other things, permissions from the tomcat process. This vulnerability is different from the...

10CVSS7.5AI score0.99999EPSS
Exploits16
NCSC
NCSC
•added 2023/07/31 12:0 a.m.•4 views

Vulnerabilities fixed in Zoho ManageEngine Password Manager pro

Zoho has fixed vulnerabilities in ManageEngine Password Manager pro. An authenticated malicious person could exploit them to bypass a security measure, manipulate data manipulate data for which the malicious party is not authorized, and gain access to sensitive data. No CVE ID has been disclosed...

6.4AI score
Exploits0
NCSC
NCSC
•added 2023/07/31 12:0 a.m.•4 views

Vulnerability fixed in libarchive

A vulnerability has been fixed in libarchive, a widely used library used by backup tools and tools such as tar, cpio etc. A local malicious person could exploit the vulnerability to cause a buffer overflow and thus potentially execute arbitrary code execute arbitrary code. In reporting the...

6.8AI score
Exploits0
NCSC
NCSC
•added 2023/07/31 12:0 a.m.•5 views

Vulnerability fixed in QNAP firmware

QNAP has fixed a vulnerability in the firmware of several NAS and virtualization systems running QTS, QuTS Hero, QuTScloud and QVR. A malicious party could exploit the vulnerability to cause a denial-of-service. QNAP has released updates to fix the vulnerability in the firmware for QTS, QuTS Hero...

6.8CVSS6.8AI score0.00584EPSS
Exploits0
NCSC
NCSC
•added 2023/07/31 12:0 a.m.•7 views

Vulnerabilities fixed in Zimbra

Vulnerabilities have been fixed in Zimbra. A malicious party could exploit vulnerabilities to gain access to system data, bypass a security measure, or launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's victim's browser, or...

7.5CVSS6.2AI score0.59041EPSS
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•5 views

Vulnerabilities fixed in Foxit Reader and PDF

Foxit has fixed vulnerabilities in its Reader and PDF editor vh. PhantomPDF. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or in specific circumstances, execute arbitrary code with permissions from the user and thereby potentially gain access to sensitive data ...

8.8CVSS7.8AI score0.01026EPSS
Exploits5
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•6 views

Vulnerability fixed in Apache Jackrabbit

Apache Foundation has fixed a vulnerability in Jackrabbit. A malicious party could exploit the vulnerability to execute arbitrary execute code with permissions from the application using of Jackrabbit. Because Jackrabbit is executed with the privileges of the application, it cannot be ruled out...

9.8CVSS7.3AI score0.02657EPSS
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•4 views

Vulnerability fixed in Atlassian Bamboo

Atlassian has fixed a vulnerability in Bamboo Server and Bamboo Data Center. An authenticated malicious person can exploit the exploit the vulnerability to use command-injection to execute arbitrary execute arbitrary code with application privileges and thus potentially gain access to sensitive...

8.8CVSS7.4AI score0.01805EPSS
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•3 views

Vulnerabilities fixed in Paessler PRTG

Paessler has fixed vulnerabilities in PRTG Network Monitoring. An authenticated malicious party could exploit the vulnerabilities to bypass a security measure, or perform a Cross-Site-Request-Forgery CSRF, and thereby potentially execute arbitrary execute arbitrary code and gain access to sensiti...

7.6AI score
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•4 views

Vulnerability fixed in Veritas NetBackup Snapshot Manager

Veritas has fixed a vulnerability in NetBackup Snapshot Manager. Due to a flaw in the way client certificates are processed, it is possible for a malicious party to access backups and restores for which the malicious party is not authorized. This allows the malicious party to gain access to...

6.4AI score
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•3 views

Vulnerabilities fixed in Sophos Unified Threat Management (UTM)

Sophos has fixed vulnerabilities in Unified Threat Management UTM. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with application privileges. Sophos has released updates to fix the vulnerabilities in UTM 9.716. For more...

7.5CVSS7AI score0.59501EPSS
Exploits1
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•8 views

Vulnerabilities fixed in Jenkins (core) and plugins

Vulnerabilities have been fixed in Jenkins and some plugins, such as Bazaar, GitLab Authentication and Gradle. A malicious person could exploit the vulnerabilities to perform a Cross-Site-Scripting attack XSS, or a Cross-Site-Request-Forgery CSRF. Such an attack can lead to execution of arbitrary...

7.7CVSS7.2AI score0.00862EPSS
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•7 views

Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS

Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS. A malicious party can exploit the vulnerabilities to gain access to system data, or to execute arbitrary code execute arbitrary code with elevated privileges. Successful exploitation requires the malicious party to have access to...

9.8CVSS7.9AI score0.01615EPSS
Exploits0
NCSC
NCSC
•added 2023/07/25 12:0 a.m.•55 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights Remote...

8.8CVSS7.8AI score0.1895EPSS
Exploits5
NCSC
NCSC
•added 2023/07/25 12:0 a.m.•7 views

Vulnerability fixed in Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron Core).

Ivanti has fixed a vulnerability in Endpoint Manager Mobile EPMM, formerly MobileIron Core. The vulnerability allows an unauthenticated remote malicious person to access gain access to sensitive data or potentially take control of the EPMM system. The vulnerability is being actively exploited on ...

10CVSS6.7AI score0.99999EPSS
Exploits16
NCSC
NCSC
•added 2023/07/25 12:0 a.m.•10 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...

8.8CVSS8.9AI score0.1895EPSS
Exploits1
NCSC
NCSC
•added 2023/07/25 12:0 a.m.•9 views

Vulnerability fixed in AMD Zen 2 platform

AMD has fixed a vulnerability in its Zen 2 platform. The involves a hardware vulnerability that allows a malicious person to able to read out part of the processor memory. The malicious party could theoretically use this to gain access to sensitive information, such as key material. Because this ...

5.5CVSS7.8AI score0.05794EPSS
Exploits1
NCSC
NCSC
•added 2023/07/24 12:0 a.m.•8 views

Vulnerabilities fixed in IBM Cognos

IBM has fixed vulnerabilities in Cognos Analytics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitiv...

7.5CVSS7.8AI score0.14663EPSS
Exploits3
NCSC
NCSC
•added 2023/07/20 12:0 a.m.•15 views

Vulnerability fixed in Avaya Aura

Avaya has fixed a vulnerability in the Aura Device Services web service. An unauthenticated malicious person can exploit the exploit the vulnerability to execute arbitrary code with the permissions of the web service. Avaya has released updates to fix the vulnerability in Aura Device Services...

9.8CVSS7.8AI score0.03334EPSS
Exploits1
NCSC
NCSC
•added 2023/07/20 12:0 a.m.•6 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion. A malicious party can exploit the vulnerabilities to bypass a security measure and execute arbitrary code with privileges of the application using ColdFusion. Due to the nature of such applications, it cannot be ruled out that this allows the malicio...

9.8CVSS7.5AI score0.99732EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•5 views

Vulnerability fixed in Veritas NetBackup

Symantec has fixed a vulnerability in Veritas NetBackup. The vulnerability is located the BPCD process and allows an unauthenticated malicious person to upload and execute with permissions from the backup process. No CVE ID has been disclosed for this vulnerability yet. Symantec has released...

6.5AI score
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle E-Business Suite

Vulnerabilities have been fixed in Oracle E-Business Suite products. A malicious party could exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Oracle has...

6.5CVSS6.9AI score0.00401EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•26 views

Vulnerabilities fixed in Oracle Database Server

Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Oracle has fixe...

9.8CVSS7.5AI score0.03216EPSS
Exploits3
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•12 views

Vulnerabilities fixed in Oracle MySQL

Vulnerabilities have been fixed in Oracle MySQL products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Oracle has fixed the...

9.1CVSS7.8AI score0.75116EPSS
Exploits3
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Java SE

Vulnerabilities have been fixed in Oracle Java SE products. A malicious party could exploit the vulnerabilities to gain access to sensitive data. The malicious party must trick the victim into executing untrusted Java code. Oracle has fixed the vulnerabilities in the following products: - Oracle...

7.5CVSS6.8AI score0.01812EPSS
Exploits5
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft Enterprise PeopleTools. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive...

9.8CVSS7.3AI score0.99615EPSS
Exploits13
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•14 views

Vulnerabilities fixed in Oracle Communications

Vulnerabilities have been fixed in Oracle Communications products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code executio...

9.8CVSS7.9AI score0.99615EPSS
Exploits60
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•5 views

Vulnerabilities fixed in Atlassian Confluence

Atlassian has fixed vulnerabilities in Confluence. A malicious party could exploit the vulnerabilities to execute arbitrary code execute arbitrary code with application privileges and possibly thereby gain access to sensitive data. The malicious party needs prior authentication required. Atlassia...

8.8CVSS7.8AI score0.02185EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Essbase

Vulnerabilities have been fixed in Oracle Essbase products. A authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data. Oracle has fixed the vulnerabilities in the following products: - Oracle Essbase - Oracle Hyperion Essbase Administration Services...

9.8CVSS6.6AI score0.0558EPSS
Exploits8
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•4 views

Vulnerability fixed in Oracle Solaris

Oracle has fixed a vulnerability in Solaris. A local malicious person could exploit the vulnerability to execute arbitrary code execute arbitrary code as root. Oracle has made updates available to fix the vulnerabilities. fix. For more information, see:...

7.8CVSS7.7AI score0.0018EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle JD Edwards

Vulnerabilities have been fixed in Oracle JD Edwards products. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with permissions of the application. Oracle has fixed the vulnerabilities in the following products: - JD Edwards...

9.8CVSS7.8AI score0.99615EPSS
Exploits8
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to circumvent a security measure circumvention, execute code with user privileges or access gain access to sensitive data in the context of the browser. To do this, the malicious party must trick the...

8.8CVSS7.3AI score0.01002EPSS
Exploits9
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•10 views

Vulnerabilities fixed in Oracle Enterprise Manager

Vulnerabilities have been fixed in Oracle Enterprise Manager products. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Access to...

9.8CVSS8.3AI score0.8377EPSS
Exploits11
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle VirtualBox

Oracle has fixed vulnerabilities in VirtualBox. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code with application privileges. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...

8.1CVSS5.9AI score0.03658EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•9 views

Vulnerabilities fixed in Oracle Analytics

Vulnerabilities have been fixed in Oracle Analytics products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights Remo...

9.8CVSS9AI score0.99615EPSS
Exploits32
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•15 views

Vulnerabilities fixed in Oracle Construction and Engineering

Vulnerabilities have been fixed in Oracle Construction and Engineering products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Access to system data...

9.8CVSS8AI score0.46836EPSS
Exploits8
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•9 views

Vulnerabilities fixed in Oracle Siebel CRM

Vulnerabilities have been fixed in Oracle Siebel CRM products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution User rights Access to sensitive...

9.8CVSS8.4AI score0.99615EPSS
Exploits19
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•9 views

Vulnerabilities fixed in Oracle Supply Chain

Vulnerabilities have been fixed in Oracle Supply Chain products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data. Remote code execution User rights Access to...

9.8CVSS8.3AI score0.46836EPSS
Exploits6
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Hyperion

Vulnerabilities have been fixed in Oracle Hyperion products. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute code with permissions of the application. Oracle has fixed the vulnerabilities in the following products: - Oracle Hyperion Data Relationship...

9.8CVSS8AI score0.0327EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•44 views

Vulnerabilities fixed in Oracle Communications Applications

Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...

9.8CVSS7.9AI score0.99615EPSS
Exploits35
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Financial Services Applications

Vulnerabilities have been fixed in Oracle Financial Services Applications products. A malicious party could exploit them to launch attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...

9.8CVSS8.1AI score0.99615EPSS
Exploits37
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•14 views

Vulnerabilities fixed in Oracle Fusion Middleware

Vulnerabilities have been fixed in Oracle Fusion Middleware products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote cod...

9.8CVSS8.5AI score0.99298EPSS
Exploits57
NCSC
NCSC
•added 2023/07/18 12:0 a.m.•8 views

Vulnerabilities fixed in Zyxel products

Zyxel has fixed vulnerabilities in the firmware of several USG, ATP and VPN products. An unauthenticated malicious person can exploit the vulnerabilities from the LAN side to exploit them to cause a denial-of-service, or to execute commands on the underlying operating system. As far as is known,...

8.8CVSS7.5AI score0.1014EPSS
Exploits2
Total number of security vulnerabilities4207