Lucene search
+L

4210 matches found

ncsc
ncsc
•added 2023/05/25 12:0 a.m.•8 views

Vulnerability fixed in BitDefender

BitDefender has fixed a vulnerability in Bitdefender Total Security, Bitdefender Internet Security and Bitdefender Antivirus Plus. A malicious person could exploit the vulnerability to grant themselves granted elevated privileges and potentially execute arbitrary code execute arbitrary code with...

7.8CVSS7.7AI score0.00188EPSS
Exploits0
ncsc
ncsc
•added 2023/05/25 12:0 a.m.•6 views

Vulnerability fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed a vulnerability in GitLab 16.0.0. A unauthenticated remote malicious person could exploit to gain access to arbitrary files on the server via a path traversal. The vulnerability is exploitable when the malicious party has knowledge has knowledge of an attachment in a public proje...

10CVSS6.9AI score0.71641EPSS
Exploits5
ncsc
ncsc
•added 2023/05/24 12:0 a.m.•12 views

Vulnerability fixed in MikroTik RouterOS

MikroTik has fixed a vulnerability in RouterOS. A unauthenticated malicious person could potentially abuse it to execute arbitrary code. To do so, malicious network traffic should be sent to the vulnerable device. sent. MikroTik indicates that systems are only vulnerable when they are use a...

7.5CVSS7.3AI score0.0061EPSS
Exploits0
ncsc
ncsc
•added 2023/05/24 12:0 a.m.•10 views

Vulnerability fixed in WordPress Essential Addons For Elementor plugin

A vulnerability has been fixed in Essential Addons for Elementor, a popular WordPress plugin with more than a million active installations. The vulnerability allows unauthenticated malicious parties to be able to reset the passwords of arbitrary users on the affected site to reset them, giving th...

9.8CVSS7.7AI score0.75531EPSS
Exploits8
ncsc
ncsc
•added 2023/05/22 12:0 a.m.•5 views

Vulnerability discovered in Keepass

A vulnerability has been discovered in Keepass v2.A local malicious party can exploit the vulnerability to retrieve the master password password. To do this, the malicious party must already have access to the local environment of the victim. The vulnerability is in how the input field of the...

7.5CVSS7.2AI score0.04397EPSS
Exploits5
ncsc
ncsc
•added 2023/05/19 12:0 a.m.•6 views

Vulnerabilities fixed in Tracker Software PDF-Xchange

Tracker Software has fixed vulnerabilities in PDF-Xchange. A malicious party could exploit the vulnerabilities to cause a denial-of-service and potentially execute code with privileges of the victim. This requires the malicious party to trick the victim into opening a malicious file to open...

7.8CVSS7.4AI score0.00579EPSS
Exploits0
ncsc
ncsc
•added 2023/05/19 12:0 a.m.•5 views

Vulnerabilities fixed in Mitel MiVoice Connect

Mitel has fixed vulnerabilities in several components of MiVoice Connect, such as Mobility router, Edge Gateway, HQ and DVS. A malicious party can exploit the vulnerabilities to execute arbitrary code within the context of the application. To execute code as an administrator, the malicious party...

9.8CVSS7.6AI score0.01714EPSS
Exploits0
ncsc
ncsc
•added 2023/05/19 12:0 a.m.•8 views

Vulnerabilities fixed in cisco Small Business Switch

Cisco has fixed vulnerabilities in a number of series of Small Business Switches. The vulnerabilities are located in the Web interface and enable an unauthenticated malicious person to able to cause a denial-of-service, or to execute arbitrary execute arbitrary code as root. The malicious party...

9.8CVSS7.8AI score0.11101EPSS
Exploits0
ncsc
ncsc
•added 2023/05/19 12:0 a.m.•28 views

Vulnerabilities fixed in Cisco Identity Services Engine (ISE).

Cisco has fixed vulnerabilities in Identity Services Engine ISE. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution Administrator/Root rights...

7.2CVSS7.9AI score0.01188EPSS
Exploits0
ncsc
ncsc
•added 2023/05/19 12:0 a.m.•4 views

Vulnerability fixed in CUPS

OpenPrinting has fixed a vulnerability in CUPS. A malicious person with access to the print server, and the ability to create printers, could exploit the vulnerability to execute arbitrary code with print server privileges. OpenPrinting has released updates to fix the vulnerability fix in CUPS. F...

8.8CVSS7.3AI score0.03697EPSS
Exploits1
ncsc
ncsc
•added 2023/05/19 12:0 a.m.•7 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...

9.8CVSS8.7AI score0.1653EPSS
Exploits1
ncsc
ncsc
•added 2023/05/19 12:0 a.m.•6 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...

9.8CVSS8.3AI score0.1653EPSS
Exploits1
ncsc
ncsc
•added 2023/05/17 12:0 a.m.•7 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro has fixed vulnerabilities in Apex One. A malicious party could exploit the vulnerabilities to gain elevated permissions, gain access to sensitive information or execute arbitrary code with privileges from the vulnerable system. Trend Micro has released updates to address the...

9.8CVSS7.9AI score0.01221EPSS
Exploits0
ncsc
ncsc
•added 2023/05/17 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. This requires the malicious party to trick the...

8.8CVSS7.8AI score0.29136EPSS
Exploits1
ncsc
ncsc
•added 2023/05/15 12:0 a.m.•6 views

Vulnerability fixed in Netapp SnapCenter

Netapp has fixed a vulnerability in SnapCenter. A unauthenticated malicious party could exploit the vulnerability to gain access to the backup environment with administrator privileges. This allows the malicious party to gain access to sensitive information, manipulate data or cause a...

9.8CVSS7AI score0.00957EPSS
Exploits0
ncsc
ncsc
•added 2023/05/15 12:0 a.m.•5 views

Vulnerabilities fixed in several Autodesk products

Autodesk has fixed vulnerabilities in several products. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code within the vulnerable application by injecting a rogue pskernel.dll. Inserting such a rogue .dll file requires social engineering, or...

7.8CVSS7.8AI score0.00251EPSS
Exploits0
ncsc
ncsc
•added 2023/05/12 12:0 a.m.•7 views

Vulnerabilities fixed in VMWare Aria

VMWare has fixed vulnerabilities in Aria formerly: vRealize. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary commands as "root. For successful abuse, it is necessary that the malicious party already has elevated privileges has. The vulnerability with...

8.8CVSS7.6AI score0.01001EPSS
Exploits0
ncsc
ncsc
•added 2023/05/11 12:0 a.m.•44 views

Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS

Aruba Networks has fixed vulnerabilities in systems running run on ArubaOS and InstantOS. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to system data or execute code on the underlying system with user privileges. To exploit the...

9.8CVSS7.5AI score0.02118EPSS
Exploits0
ncsc
ncsc
•added 2023/05/11 12:0 a.m.•2 views

Vulnerability fixed in the Linux Kernel

A vulnerability has been fixed in the linux kernel. The vulnerability is in the netfilter module. This module is used by the kernel to process network traffic, routing and filtering. This module is only in use when the affected system is actually actively manipulating network traffic, because, fo...

7.8CVSS6.8AI score0.12966EPSS
Exploits7
ncsc
ncsc
•added 2023/05/11 12:0 a.m.•3 views

Vulnerability fixed in IBM Websphere

IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to launch an XML External Entity attack. By serving a rogue XML file, the malicious party can cause a denial-of-service cause, or potentially gain access to sensitive information. IBM...

9.1CVSS6.7AI score0.00859EPSS
Exploits0
ncsc
ncsc
•added 2023/05/10 12:0 a.m.•7 views

Firmware and Intel Boot Guard keys leaked in ransomware attack on MSI

In late March, hardware manufacturer MSI was hit by a ransomware attack. As a result of this ransomware attack, private keys were according to security firm Binarly, private keys were leaked that are used to digitally sign firmware for motherboards. Also compromised were private keys used by Inte...

6.3AI score
Exploits0
ncsc
ncsc
•added 2023/05/09 12:0 a.m.•11 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Microsoft Teams: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impa...

7.8CVSS6.5AI score0.85395EPSS
Exploits7
ncsc
ncsc
•added 2023/05/09 12:0 a.m.•6 views

Vulnerabilities fixed in SAP products

SAP has released updates for several products, including SAP, SAP Gui, CRM, Netweaver and Business Objects. A malicious person could vulnerabilities potentially exploit and cause damage in the categories below: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of...

9.1CVSS6.1AI score0.00709EPSS
Exploits0
ncsc
ncsc
•added 2023/05/09 12:0 a.m.•20 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in two Developer Tools. In order to exploit the vulnerabilities, the malicious party must have local access to the development environment. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...

7.8CVSS6.1AI score0.01747EPSS
Exploits1
ncsc
ncsc
•added 2023/05/09 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome and Chromium. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive...

8.8CVSS7.6AI score0.00968EPSS
Exploits0
ncsc
ncsc
•added 2023/05/09 12:0 a.m.•17 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in SIMATIC Cloud Connect, Siveillance, SINEC, Solid Edge and Scalance products. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation ...

9.9CVSS8.2AI score0.1654EPSS
Exploits6
ncsc
ncsc
•added 2023/05/09 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User...

9.8CVSS7.9AI score0.94683EPSS
Exploits3
ncsc
ncsc
•added 2023/05/09 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox and Firefox ESR

Mozilla has fixed vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to perform attacks that could lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Spoofi...

9.8CVSS7.5AI score0.00918EPSS
Exploits0
ncsc
ncsc
•added 2023/05/08 12:0 a.m.•5 views

Vulnerabilities fixed in Fortinet products

Fortinet has fixed vulnerabilities in FortiOS, FortiProxy and FortiADC. The vulnerability with reference CVE-2023-22640 relates FortiOS and FortiProxy and allows an authenticated remote malicious person to execute arbitrary code via specially prepared requests to execute arbitrary code. The...

8.8CVSS7.7AI score0.0089EPSS
Exploits0
ncsc
ncsc
•added 2023/05/08 12:0 a.m.•6 views

Vulnerability fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed a vulnerability in GitLab Enterprise Edition EE and Community Edition CE. A malicious person with user privileges could exploit the vulnerability to use a GraphQL endpoint to install rogue runners in any project within the environment and thus execute arbitrary code execute. GitL...

9.6CVSS7.2AI score0.05042EPSS
Exploits0
ncsc
ncsc
•added 2023/05/08 12:0 a.m.•8 views

Vulnerability fixed in OPC Foundation .NET Reference Server

OPC Foundation has fixed a vulnerability in .NET Reference Server. An unauthenticated malicious person could exploit it to cause a denial-of-service. OPC Foundation has released updates to fix the vulnerability fix in OPC .NET Reference Server 1.4.371.86. For more information, see:...

7.5CVSS6.9AI score0.0106EPSS
Exploits1
ncsc
ncsc
•added 2023/05/04 12:0 a.m.•10 views

Vulnerabilities fixed in several F5 products

F5 has fixed several vulnerabilities in BIG-IP and NGINX. A remote malicious party can exploit the vulnerabilities in BIG-IP exploit them to cause a denial-of-service DOS on the Traffic Management Microkernel TMM subprocess. To do this, the vulnerable system must be configured with a specific UDP...

8.1CVSS6.1AI score0.01187EPSS
Exploits0
ncsc
ncsc
•added 2023/05/03 12:0 a.m.•11 views

Vulnerabilities fixed in Elastic products

Vulnerabilities have been fixed in the Kibana and Filebeat products from Elastic. These vulnerabilities allow an attacker to perform cross-site scripting attacks, read system data such as read logs or execute arbitrary code under user privileges. The vulnerability with attribute CVE-2023-31415 in...

9.9CVSS6.9AI score0.00957EPSS
Exploits2
ncsc
ncsc
•added 2023/05/02 12:0 a.m.•36 views

Vulnerabilities fixed in IBM MQ

IBM has fixed vulnerabilities in MQ. A malicious party could exploit the exploit the vulnerabilities to cause a Denial-of-Service, or to gain access to sensitive data. To access sensitive data, the malicious party must have access to a client where the Trace feature is enabled. IBM has released...

7.5CVSS6.9AI score0.00945EPSS
Exploits0
ncsc
ncsc
•added 2023/05/02 12:0 a.m.•11 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that...

9.8CVSS7.2AI score0.03702EPSS
Exploits9
ncsc
ncsc
•added 2023/04/28 12:0 a.m.•6 views

Vulnerability fixed in Dradis Pro

Dradis has fixed a vulnerability in Dradis Pro. A malicious party could exploit the vulnerability to perform a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the browser of the victim, or access sensitive data within that same context of the...

8.7CVSS6.7AI score0.00509EPSS
Exploits0
ncsc
ncsc
•added 2023/04/28 12:0 a.m.•7 views

Vulnerabilities fixed in Grafana

Grafana Labs has fixed vulnerabilities in Grafana. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. Grafana Labs has released updates to address the vulnerabilities fixes in Grafana. For more information, see:...

7.5CVSS9.7AI score0.01504EPSS
Exploits1
ncsc
ncsc
•added 2023/04/28 12:0 a.m.•7 views

Vulnerabilities fixed in Git for Windows

The Git community has fixed vulnerabilities in Git for Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Manipulation of data Circumvention of security measure Remote code execution Administrator/Root...

7.8CVSS8.1AI score0.51883EPSS
Exploits2
ncsc
ncsc
•added 2023/04/28 12:0 a.m.•2 views

Vulnerability fixed in IBM Websphere Application Server

IBM has fixed a vulnerability in the management interface of Websphere Application Server. A malicious person with access to this interface could exploit the vulnerability to launch a Cross-Site Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the context of the...

6.1CVSS6.6AI score0.00399EPSS
Exploits0
ncsc
ncsc
•added 2023/04/28 12:0 a.m.•5 views

Vulnerabilities fixed in IBM App Connect Enterprise and Integration Bus

IBM fixed vulnerabilities in Integration Bus and App Connect Enterprise. The vulnerabilities are in the underlying Eclipse Mosquito and allow a malicious party to perform a denial-of-service attack. IBM has released updates to fix the vulnerabilities in Integration Bus and App Connect Enterprise...

7.5CVSS6.8AI score0.0126EPSS
Exploits2
ncsc
ncsc
•added 2023/04/25 12:0 a.m.•2 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious party could exploit the exploit the vulnerabilities to cause a denial-of-service. The vulnerability with reference CVE-2023-29257 allows a malicious person with management privileges on a database to execute arbitrary code execute arbitrary code, ...

7.5CVSS7.3AI score0.01513EPSS
Exploits0
ncsc
ncsc
•added 2023/04/25 12:0 a.m.•17 views

Vulnerabilities fixed in Zyxel Firewalls and Access Points

Zyxel has fixed vulnerabilities in the firmware of several USG, APT, VPN and ZyWall systems. A malicious party can exploit the vulnerabilities exploit them for attacks that can result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution...

9.8CVSS7.8AI score0.99284EPSS
Exploits8
ncsc
ncsc
•added 2023/04/25 12:0 a.m.•8 views

Vulnerability fixed in Rancher

A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism used to upgrade from versions 2.6.x and 2.7.x upgrade to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...

9.9CVSS7.2AI score0.00779EPSS
Exploits0
ncsc
ncsc
•added 2023/04/25 12:0 a.m.•6 views

Vulnerabilities fixed in APC Easy UPS Online. Monitoring

APC has fixed vulnerabilities in Easy UPS Online Monitoring. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with the victim's privileges. Because the online monitoring software is used by administrators, it is likely that cod...

9.8CVSS7.7AI score0.01315EPSS
Exploits0
ncsc
ncsc
•added 2023/04/25 12:0 a.m.•4 views

Vulnerabilities fixed in Foxit PDF Editor and PDF Reader

Foxit has fixed vulnerabilities in its PDF Reader and Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with the victim's privileges. This requires the malicious party to trick the victim into opening a malicious file to...

7.8CVSS7.5AI score0.46994EPSS
Exploits0
ncsc
ncsc
•added 2023/04/24 12:0 a.m.•2 views

Vulnerability fixed in dmidump

A vulnerability has been fixed in dmidump. A malicious party can exploit the vulnerability to overwrite arbitrary files and overwrite and thus grant himself elevated privileges, or execute arbitrary code with root privileges. A researcher has published a writeup with working Proof-of-Concept code...

7.1CVSS6.7AI score0.00523EPSS
Exploits1
ncsc
ncsc
•added 2023/04/21 12:0 a.m.•6 views

Vulnerabilities fixed in VMWare Aria Operations or Logs (vh: vrealize Log Insight)

VMWare has fixed vulnerabilities in Aria Operations for Logs, formerly known as vRealize Log Insight. A malicious person with access to the log server can exploit the vulnerabilities exploit them to execute arbitrary code as root. The malicious party can gain access without prior authentication...

9.8CVSS7.9AI score0.70423EPSS
Exploits0
ncsc
ncsc
•added 2023/04/20 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Virtualization

Vulnerabilities have been fixed in Oracle VM VirtualBox. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Access to sensitive...

8.2CVSS7.1AI score0.01644EPSS
Exploits1
ncsc
ncsc
•added 2023/04/20 12:0 a.m.•26 views

Vulnerabilities fixed in Oracle Siebel CRM

Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

7.5CVSS8.3AI score0.50445EPSS
Exploits3
ncsc
ncsc
•added 2023/04/20 12:0 a.m.•4 views

Vulnerability fixed in Schneider Electric PowerLogic

Schneider Electric has fixed a vulnerability in PowerLogic HDPM6000. A malicious party could exploit the vulnerability to cause a denial-of-service DoS, or possibly to execute arbitrary execute arbitrary code on the vulnerable system, by sending specially prepared Ethernet packets. To send the...

9.8CVSS7.8AI score0.01118EPSS
Exploits0
Total number of security vulnerabilities4210