Lucene search
K

4207 matches found

NCSC
NCSC
•added 2023/07/18 12:0 a.m.•11 views

Vulnerabilities fixed in Citrix ADC and Citrix Gateway

Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to execute a cross-site scripting attack, obtain elevated privileges or execute arbitrary code. Citrix reports that the vulnerability with attribute CVE-2023-3519 is being...

9.8CVSS6.9AI score0.99445EPSS
Exploits16
NCSC
NCSC
•added 2023/07/17 12:0 a.m.•3 views

Vulnerability fixed in Adobe ColdFusion

Adobe has fixed a vulnerability in ColdFusion. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with permissions from the application using ColdFusion. Due to the nature of such applications, it cannot be be ruled out that this would allow the...

9.8CVSS7.9AI score0.97003EPSS
Exploits0
NCSC
NCSC
•added 2023/07/14 12:0 a.m.•84 views

Vulnerabilities fixed in Kofax Power PDF

Kofax has fixed vulnerabilities in Power PDF. A malicious person could exploit the vulnerabilities to execute arbitrary code with privileges of the victim, or to gain access to sensitive data. To do this, the malicious party must trick the victim into opening a malicious file to open, or follow a...

7.8CVSS7.4AI score0.00366EPSS
Exploits0
NCSC
NCSC
•added 2023/07/14 12:0 a.m.•6 views

Vulnerability fixed in Zimbra collaboration suite

A vulnerability has been fixed in Zimbra Collaboration Suite. The vulnerability allows a malicious party to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's victim's browser, or potentially access sensitive data in the...

7.1AI score
Exploits0
NCSC
NCSC
•added 2023/07/14 12:0 a.m.•7 views

Vulnerabilities fixed in Rockwell Automation ControlLogix communication modules

Rockwell Automation has fixed vulnerabilities in the firmware of several ControlLogix 1756-EN communications modules. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or possibly take control of the modules. For successful exploitation, the malicious party must ha...

9.8CVSS7.3AI score0.04965EPSS
Exploits0
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•2 views

Vulnerability fixed in Asterisk

Asterisk developers have fixed a vulnerability in Asterisk VOIP. An unauthenticated malicious person could exploit the exploit the vulnerability to cause a denial-of-service. Asterisk has released updates to fix the vulnerability in all supported versions of Asterisk. For more information, see:...

9.8CVSS6.8AI score0.01026EPSS
Exploits0
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•3 views

Vulnerability fixed in Ghostscript

Artifex has fixed a vulnerability in Ghostscript. A malicious party could exploit the vulnerability to be able to execute arbitrary be able to execute arbitrary commands with permissions from the Ghostscript process. To do this, the malicious party must trick the victim into opening a rogue file...

7.8CVSS7.2AI score0.03236EPSS
Exploits4
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•79 views

Vulnerabilities fixed in Juniper JunOS

Juniper has fixed vulnerabilities in JunOS for several router, firewall and switch products. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution...

10CVSS7.7AI score0.87218EPSS
Exploits32
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to circumvent a security measure, or execute arbitrary code execute with permissions from the application using ColdFusion. Due to the nature of such applications, it cannot be be ruled out that the...

9.8CVSS7.6AI score0.99988EPSS
Exploits0
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with permissions of the user. To exploit the vulnerabilities, the malicious party needs local access to the application, or needs to trick ...

7.8CVSS8AI score0.00402EPSS
Exploits0
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•17 views

Vulnerabilities fixed in FortiNet FortiOS and FortiProxy

FortiNet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary code on the vulnerable system, or under specific circumstances to take over a user's session. The vulnerability with attribute CVE-2023-33308...

9.8CVSS7.8AI score0.02247EPSS
Exploits0
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•6 views

Vulnerabilities fixed in Citrix Secure Access Clients

Citrix has fixed vulnerabilities in the Secure Access Client for Windows and Ubuntu. The vulnerability with reference CVE-2023-24491 is located in the Windows client and allows a local malicious person to grant themselves elevated privileges and execute code with privileges of SYSTEM The...

9.6CVSS9.4AI score0.00876EPSS
Exploits0
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•4 views

Vulnerabilities fixed in Schneider Electric EcoStruxture components

Schneider Electric has fixed vulnerabilities in StruxtureWare Datacenter Expert and EcoStruxture OPC UA Server Expert. an authenticated malicious person could exploit the vulnerabilities to gain access to sensitive data or execute arbitrary commands execute arbitrary commands for which it is not...

8.8CVSS7.7AI score0.0086EPSS
Exploits0
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•13 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in SiPass, Tecnomatix, SIMATIC, and RUGGEDCOM products. The vulnerabilities allow a malicious party potentially able to launch attacks that could lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Servi...

10CVSS6.3AI score0.96275EPSS
Exploits14
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•67 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including. Business Objects, ECC, HANA, Netweaver, Business Warehouse and Solution Manager. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS...

9.4CVSS7AI score0.00974EPSS
Exploits0
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•11 views

Vulnerabilities fixed in Microsoft Paint3D

Microsoft has fixed vulnerabilities in Paint3D. The vulnerabilities allow a malicious person to execute arbitrary execute code with user privileges. The malicious must do so to trick the victim into opening a rogue image. open. Paint3D comes installed by default, but maintained through the...

7.8CVSS7.1AI score0.0093EPSS
Exploits0
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics 365 on prem. A malicious party could exploit the vulnerabilities to launch a Cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitive data in the context of th...

8.2CVSS6.3AI score0.00803EPSS
Exploits0
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•5 views

Vulnerability fixed in Apple macOS, iOS, iPadOS and Safari

Apple has released interim updates for macOS, iOS, iPadOS and Safari to fix a vulnerability in WebKit. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with user privileges. The malicious party must to do so, trick the victim into opening a rogue fi...

8.8CVSS8.7AI score0.1895EPSS
Exploits0
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated permissions or gain access to sensitive data. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

9.8CVSS6.4AI score0.02831EPSS
Exploits0
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person with access to the development environment can exploit the vulnerabilities to exploit attacks that could lead to the following categories of damage: Bypassing security measure. Remote code execution User rights...

8.8CVSS8AI score0.02095EPSS
Exploits0
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

9.8CVSS7.4AI score0.43058EPSS
Exploits6
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•62 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several MS Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution User rights Spoofing Access to sensitive data...

9.6CVSS7.1AI score0.41545EPSS
Exploits4
NCSC
NCSC
•added 2023/07/10 12:0 a.m.•7 views

Vulnerability fixed in Zoho ManageEngine ADAudit Plus

Zoho has fixed a vulnerability in ManageEngine ADAudit Plus. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser and potentially allows the malicious party able to gain access to...

5.4CVSS6.8AI score0.01875EPSS
Exploits0
NCSC
NCSC
•added 2023/07/10 12:0 a.m.•3 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious party can exploit the exploit the vulnerabilities to execute arbitrary code with privileges of the application, or to grant itself locally elevated privileges granted. IBM has released updates to fix the vulnerabilities in DB2. For more informatio...

8.8CVSS7.8AI score0.01628EPSS
Exploits0
NCSC
NCSC
•added 2023/07/06 12:0 a.m.•6 views

Vulnerability discovered in Cisco ACI Multi-Site CloudSec Encryption

Cisco has discovered in internal testing that the encryption as used with ACI Multi-Site CloudSec is not sufficient to provide adequate protection in the event of a man-in-the-middle attack. A malicious party capable of tapping the encrypted traffic between two ACI sites, and has sufficient...

7.4CVSS6.8AI score0.00346EPSS
Exploits0
NCSC
NCSC
•added 2023/07/06 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User Rights Spoofing This requires...

8.8CVSS7.5AI score0.00755EPSS
Exploits1
NCSC
NCSC
•added 2023/07/06 12:0 a.m.•64 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that result in...

10CVSS7.4AI score0.05786EPSS
Exploits5
NCSC
NCSC
•added 2023/07/06 12:0 a.m.•6 views

Vulnerabilities fixed in Progress MOVEit Transfer

Progress has fixed vulnerabilities in MOVEit Transfer. A unauthenticated malicious person could exploit the vulnerabilities to gain access to data in the MOVEit Transfer database. The vulnerabilities found are possibly related to the previously discovered and actively exploited vulnerabilities fo...

9.1CVSS7.2AI score0.95EPSS
Exploits0
NCSC
NCSC
•added 2023/07/04 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Integration Bus

IBM has fixed vulnerabilities in Integration Bus. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. IBM has released updates to fix the vulnerabilities in Integration Bus 10.1.0.1 Interim fix. For...

9.8CVSS7.4AI score0.04306EPSS
Exploits0
NCSC
NCSC
•added 2023/07/03 12:0 a.m.•3 views

Vulnerability fixed in Elasticsearch

Elastic has fixed a vulnerability in Elasticsearch. A malicious party could exploit the vulnerability to cause a denial-of-service attack. Elastic has released updates to fix the vulnerability in Elasticsearch 8.8.2 and 7.17.11. For more information, see: https://discuss.elastic.co/t...

7.5CVSS7.3AI score0.01119EPSS
Exploits1
NCSC
NCSC
•added 2023/07/03 12:0 a.m.•30 views

Vulnerability fixed in Xwiki

The developers of Xwiki have fixed a vulnerability in the CKEditor of Xwiki. An authenticated malicious person with editing privileges in the CKeditor could exploit the vulnerability to modify arbitrary files in Xwiki, including those for which it is not authorized. This allows the malicious pers...

9CVSS6.7AI score0.00903EPSS
Exploits1
NCSC
NCSC
•added 2023/07/03 12:0 a.m.•8 views

Vulnerabilities fixed in Citrix ADC and Gateway

Citrix has fixed vulnerabilities in ADC and Gateway. A malicious party could exploit the vulnerabilities to gain access to system data, or to perform a cross-site scripting attack. Such an attack could result in execution of code in the victim's browser. To access system data, the malicious party...

7.5CVSS8.9AI score0.80907EPSS
Exploits3
NCSC
NCSC
•added 2023/06/30 12:0 a.m.•37 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Accessing...

7.5CVSS6.9AI score0.00905EPSS
Exploits0
NCSC
NCSC
•added 2023/06/30 12:0 a.m.•8 views

Vulnerability fixed in Sitecore products

Sitecore has fixed a vulnerability in Experience Manager, Experience Platform and Experience Commerce. A malicious party could exploit the vulnerability to execute arbitrary code with rights of the application, or to gain access to sensitive data in the application. Sitecore has released updates ...

9.8CVSS7.9AI score0.86685EPSS
Exploits7
NCSC
NCSC
•added 2023/06/30 12:0 a.m.•24 views

Vulnerability fixed in Schneider Electric EcoStruxture Operator Terminal Expert

Schneider Electric has fixed a vulnerability in the EcoStruxture Operator Terminal Expert. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system and gain access to sensitive data. To do this, the malicious party must have local access to the vulnerab...

7.8CVSS7.3AI score0.00597EPSS
Exploits0
NCSC
NCSC
•added 2023/06/29 12:0 a.m.•7 views

Vulnerabilities fixed in IBM MQ

IBM has fixed vulnerabilities in MQ, in both the appliance and the server software. A malicious party could exploit them to cause a denial-of-service DoS, gain access gain access to sensitive data in the queue or to execute arbitrary execute arbitrary code with user privileges. IBM has released...

7.5CVSS7.7AI score0.46836EPSS
Exploits2
NCSC
NCSC
•added 2023/06/27 12:0 a.m.•5 views

Vulnerabilities fixed in NVIDIA GPU products

Nvidia has fixed vulnerabilities in the drivers and control software of several GPUs. A malicious party could exploit vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root...

8.8CVSS7.8AI score0.01387EPSS
Exploits0
NCSC
NCSC
•added 2023/06/27 12:0 a.m.•3 views

Vulnerabilities fixed in Synology Mail Station

Synology has fixed vulnerabilities in MailStation. A malicious party can exploit the vulnerabilities to use SQL injection to execute arbitrary code, or gain access to sensitive data. No CVE identifiers have been disclosed for the vulnerabilities yet. Synology gives the vulnerabilities the status...

7.4AI score
Exploits0
NCSC
NCSC
•added 2023/06/27 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code in the context of the browser, or potentially access gain access to sensitive data in the context of the browser. The malicious party must trick th...

8.8CVSS9.4AI score0.56192EPSS
Exploits0
NCSC
NCSC
•added 2023/06/23 12:0 a.m.•4 views

Vulnerability fixed in Grafana

Grafana Labs has fixed a vulnerability in Grafana. The vulnerability is in the way accounts are validated when using Azure Active Directory for authentication. A malicious party could exploit it to completely take over an account and thus gain access gain access to sensitive data in that account...

9.8CVSS8.8AI score0.04094EPSS
Exploits0
NCSC
NCSC
•added 2023/06/23 12:0 a.m.•7 views

Vulnerabilities fixed in Fortinet FortiNAC

Fortinet has fixed vulnerabilities in FortiNAC. A unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code or manipulate files on the FortiNAC system. This requires malicious network traffic must be sent to TCP port 1050 or 5555. Fortinet has released updates t...

9.8CVSS7.8AI score0.24296EPSS
Exploits0
NCSC
NCSC
•added 2023/06/23 12:0 a.m.•7 views

Vulnerabilities fixed in HP Laserjet and MultiFunctionals

Hewlett Packard has fixed vulnerabilities in the firmware of various HP Laserjet and MultiFunctional devices. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, or to execute arbitrary code on the vulnerable device. HP has released updates to fix the...

9.8CVSS7.9AI score0.01849EPSS
Exploits0
NCSC
NCSC
•added 2023/06/23 12:0 a.m.•6 views

Vulnerability fixed in TOPdesk

TOPdesk has fixed a vulnerability in TOPdesk Self-service and TOPdesk Operator. A malicious party with a valid account can exploit the exploit the vulnerability to impersonate any other user and thus gain access to and manipulate their data. manipulate. The vulnerability lies in the way SAML Sing...

8.1CVSS7AI score0.00741EPSS
Exploits1
NCSC
NCSC
•added 2023/06/23 12:0 a.m.•9 views

Vulnerabilities fixed in IBM Qradar

IBM has fixed vulnerabilities in QRadar. An authenticated malicious party can exploit the vulnerabilities to launch attacks execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution User Rights Access to system...

9.8CVSS7AI score0.20135EPSS
Exploits3
NCSC
NCSC
•added 2023/06/22 12:0 a.m.•6 views

Vulnerabilities fixed in Apple macOS, iOS, iPadOS and Safari

Apple has fixed vulnerabilities in macOS, iOS, iPadOS and Safari. An unauthenticated malicious person could exploit them to execute arbitrary code on the vulnerable system. The most serious vulnerability has been assigned attribute CVE-2023-32434 assigned and allows a malicious person to execute...

8.8CVSS8.7AI score0.51517EPSS
Exploits3
NCSC
NCSC
•added 2023/06/22 12:0 a.m.•3 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Increased user privileges Node.js has released updates...

7.7CVSS7.7AI score0.03906EPSS
Exploits1
NCSC
NCSC
•added 2023/06/22 12:0 a.m.•7 views

Vulnerabilities fixed in VMware vCenter

VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code be able to execute arbitrary code on the underlying system. The malicious party does not need to have prior authentication to do this...

9.8CVSS8AI score0.33945EPSS
Exploits0
NCSC
NCSC
•added 2023/06/22 12:0 a.m.•8 views

Vulnerability fixed in Juniper JunOS

Juniper has fixed a vulnerability in JunOS. A unauthenticated malicious person could exploit the vulnerability to cause cause a denial-of-service. The vulnerability is in the way BGP traffic is handled. In specific circumstances, a BGP update can result in the disconnection of the connection...

7.5CVSS6.9AI score0.00645EPSS
Exploits0
NCSC
NCSC
•added 2023/06/20 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Spectrum Protect

IBM fixed vulnerabilities in Spectrum Protect Plus Microsoft Filesystem Backup and Restore. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, or gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Spectru...

7.5CVSS6.9AI score0.0142EPSS
Exploits1
NCSC
NCSC
•added 2023/06/17 12:0 a.m.•9 views

Vulnerabilities fixed in Mattermost

The developers of Mattermost have fixed vulnerabilities in Mattermost. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, bypass, manipulate the operation of the application and thus gain access gain access to channels and conversations to...

6.5CVSS7.1AI score0.00678EPSS
Exploits0
Total number of security vulnerabilities4207