Lucene search
+L

4209 matches found

ncsc
ncsc
•added 2023/03/31 12:0 a.m.•9 views

Vulnerabilities fixed in GitLab Enterprise and Community Editions

GitLab has fixed several vulnerabilities in GitLab Enterprise and Community Editions. A malicious person with access to the development environment could exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Scripting XSS...

9.8CVSS6.8AI score0.01242EPSS
Exploits1
ncsc
ncsc
•added 2023/03/31 12:0 a.m.•44 views

Vulnerabilities fixed in IBM QRadar SIEM and User Behavior Analytics

IBM fixed vulnerabilities in QRadar SIEM and User Behavior Analytics. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security...

9.8CVSS7.5AI score0.55367EPSS
Exploits72
ncsc
ncsc
•added 2023/03/30 12:0 a.m.•28 views

Vulnerabilities fixed in QNAP QTS and QuTS hero

QNAP has fixed vulnerabilities in QTS and QuTS hero, the operating system for QNAP NAS devices. An authenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or grant themselves elevated privileges and thus gain access to sensitive data or execute arbitrary cod...

8.8CVSS7.6AI score0.59501EPSS
Exploits21
ncsc
ncsc
•added 2023/03/30 12:0 a.m.•6 views

Vulnerabilities fixed in Forcepoint Cloud Security Gateway

Forcepoint has fixed vulnerabilities in the Login Portal of Cloud Security Gateway and underlying tooling such as Web Security Gateway and Email Security Gateway. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack typically...

6.1CVSS6.5AI score0.00353EPSS
Exploits0
ncsc
ncsc
•added 2023/03/30 12:0 a.m.•7 views

Vulnerabilities fixed in Jetbrains IntelliJ IDEA

Jetbrains has fixed vulnerabilities in IntelliJ IDEA. A malicious person with access to the development environment can exploit the vulnerabilities to bypass security measures or manipulate source code to gain access to sensitive data or execute or have executed code with privileges of the victim...

8.8CVSS7.6AI score0.00646EPSS
Exploits0
ncsc
ncsc
•added 2023/03/30 12:0 a.m.•3 views

Vulnerabilities fixed in Samba

Samba developers have fixed vulnerabilities in Samba. A malicious party could exploit the vulnerabilities to gain access gain access to sensitive data, or to manipulate data in the underlying Active Directory without being authorized to do so. The vulnerability with attribute CVE-2023-0614 is a f...

7.7CVSS7.2AI score0.02195EPSS
Exploits0
ncsc
ncsc
•added 2023/03/28 12:0 a.m.•8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root righ...

9.8CVSS7.8AI score0.09426EPSS
Exploits0
ncsc
ncsc
•added 2023/03/28 12:0 a.m.•9 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...

9.8CVSS7.6AI score0.1654EPSS
Exploits8
ncsc
ncsc
•added 2023/03/27 12:0 a.m.•7 views

Vulnerabilities fixed in Apache OpenOffice

Apache has fixed vulnerabilities in OpenOffice. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code in the context of the application, with permissions from the victim. To do this, the malicious party must trick the victim into opening a malicious fi...

8.1CVSS9.1AI score0.0176EPSS
Exploits0
ncsc
ncsc
•added 2023/03/24 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Chrome. A remote malicious person could exploit the vulnerabilities to perform execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data To exploit the...

9.8CVSS9.7AI score0.02925EPSS
Exploits0
ncsc
ncsc
•added 2023/03/23 12:0 a.m.•28 views

Vulnerabilities fixed in Cisco Access Points

Cisco has fixed vulnerabilities in several access points. A malicious party could exploit the vulnerabilities to cause a denial-of-service on the vulnerable system, or to execute arbitrary code as root. To execute arbitrary code, the malicious party needs need prior authentication on the command...

7.4CVSS8AI score0.00303EPSS
Exploits0
ncsc
ncsc
•added 2023/03/23 12:0 a.m.•26 views

Vulnerabilities fixed in IBM Aspera Faspex

IBM has fixed vulnerabilities in Aspera Faspex. A malicious party could exploit the vulnerabilities to obtain sensitive data obtain, or potentially execute arbitrary code under the victim's privileges through an XML External Entity injection attack XXE. IBM has released updates to fix the...

9.9CVSS7.6AI score0.01343EPSS
Exploits0
ncsc
ncsc
•added 2023/03/23 12:0 a.m.•48 views

Vulnerabilities fixed in Cisco IOS XE

Cisco has fixed vulnerabilities in IOS XE. An authenticated malicious party could exploit the vulnerabilities to gain access to system data, cause a denial-of-service, or to grant themselves elevated privileges and potentially execute arbitrary execute arbitrary code on the vulnerable system. To...

8.6CVSS7.8AI score0.01714EPSS
Exploits0
ncsc
ncsc
•added 2023/03/17 12:0 a.m.•33 views

Vulnerabilities discovered in mobile devices with Samsung Exynos Modem

Google Project Zero has discovered fourteen vulnerabilities in Samsung Exynos Modems. These modems are used in at least the following mobile devices: Samsung: S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 Vivo: S16, S15, S6, X70, X60 and X30 Google: Pixel 6 and Pixel 7 It is possible...

9.8CVSS6.7AI score0.34546EPSS
Exploits0
ncsc
ncsc
•added 2023/03/17 12:0 a.m.•4 views

Vulnerability fixed in IBM Aspera Faspex

IBM has fixed a vulnerability in Aspera Faspex. A authenticated malicious user can use the vulnerability to change the password of another user. IBM has released a new container image to fix the vulnerability fix in Aspera Faspex 5.0.4. For more information, see:...

7.5CVSS6.7AI score0.00559EPSS
Exploits0
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•6 views

Vulnerability fixed in Adobe Creative Cloud Desktop Application

Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A local malicious person could abuse the vulnerability to execute arbitrary code. The malicious party does not need prior authorizations on the application. Adobe has released updates to fix the vulnerability in Creative Cloud...

8.6CVSS7.1AI score0.00355EPSS
Exploits0
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•23 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Illustrator 2023. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with privileges of the victim. To do so, the malicious party must trick the victim into opening a malicious file to open. Adobe h...

7.8CVSS7.9AI score0.00353EPSS
Exploits0
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data Access to system data The malicious party...

8.8CVSS6.8AI score0.00798EPSS
Exploits0
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•8 views

Vulnerabilities fixed in Zoom

Zoom has fixed vulnerabilities in the Zoom client for various platforms. An unauthenticated remote malicious person could exploit the exploit the vulnerabilities to cause a denial-of-service. A local malicious person can grant themselves elevated privileges through vulnerabilities in the installe...

9.8CVSS7.7AI score0.11082EPSS
Exploits2
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•6 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop. A local malicious party can exploit the vulnerability to execute arbitrary code. The malicious party does not need any prior authorizations on the application. Adobe has released updates to fix the vulnerability in Photoshop 2022 v23.5.4 & 2023 v24.2....

7.8CVSS6.9AI score0.00463EPSS
Exploits0
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•4 views

Vulnerability fixed in HP Integrated Lights Out (ILO)

Hewlett Packard has fixed a vulnerability in Integrated Lights Out ILO 4, 5 and 6. A malicious person with access to the ILO infrastructure could exploit the vulnerability to perform of a cross-site scripting XSS attack. Such an attack can lead to execution of code in the context of the browser o...

8.3CVSS6.1AI score0.00445EPSS
Exploits0
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•9 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges to gain access to sensitive data. Of the vulnerability with reference CVE-2023-26360, Adobe indicates information that it has already been...

9.8CVSS7.5AI score0.97339EPSS
Exploits13
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•9 views

Vulnerabilities fixed in Adobe Dimension

Adobe has fixed vulnerabilities in Dimension. A local malicious person could exploit the vulnerabilities to execute arbitrary code execute with application privileges, or to access gain access to sensitive data in the context of the application. Adobe has released updates to fix the vulnerabiliti...

7.8CVSS7.3AI score0.00437EPSS
Exploits0
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•8 views

Vulnerabilities fixed in Aruba Clearpass Policy Manager

Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. The vulnerabilities are located in the web-based management interface of CPPM and allow a malicious person to access gain access to sensitive data, execute arbitrary code on the underlying system or, through a chain of actions,...

9.8CVSS7.2AI score0.00961EPSS
Exploits0
ncsc
ncsc
•added 2023/03/16 12:0 a.m.•36 views

Vulnerabilities fixed in Aveva products

Aveva has fixed vulnerabilities in inTouch, PlantScada and Telemery Server. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to system...

9.8CVSS8.5AI score0.99019EPSS
Exploits13
ncsc
ncsc
•added 2023/03/15 12:0 a.m.•10 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure Service Fabric and Azure HDInsight Apache Ambari. The vulnerabilities allow a malicious person able to impersonate another user. To do so, the malicious party must entice someone with higher privileges entice someone with higher privileges to click on ...

8.2CVSS5.9AI score0.11687EPSS
Exploits3
ncsc
ncsc
•added 2023/03/15 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. The vulnerabilities are located in the git code used by Visual Studio used and allow a malicious party to access gain access to sensitive data, or to execute arbitrary code execute code with the victim's privileges. Because Visual Studio is a...

8.6CVSS7.2AI score0.01144EPSS
Exploits3
ncsc
ncsc
•added 2023/03/15 12:0 a.m.•28 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in the Dynamics 365 platform. An authenticated malicious party can exploit the vulnerabilities exploit them to perform a cross-site scripting attack and thus impersonate another user and gain access to their data. Microsoft Dynamics:...

6.5CVSS5.8AI score0.01461EPSS
Exploits2
ncsc
ncsc
•added 2023/03/15 12:0 a.m.•12 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. The vulnerabilities allow a malicious person to perform execute attacks that can result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Spoofing Access to sensitive data Increased user...

9.8CVSS8.6AI score0.97408EPSS
Exploits24
ncsc
ncsc
•added 2023/03/14 12:0 a.m.•12 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increased user privileges The mos...

9.8CVSS8AI score0.78152EPSS
Exploits1
ncsc
ncsc
•added 2023/03/14 12:0 a.m.•53 views

Vulnerabilities fixed in SAP products

SAP has released updates for several products, including SAP ERP, Netweaver, HAMA, Business Objects and SAP Solution Manager. A malicious party could potentially exploit the vulnerabilities and cause damage cause damage in the categories listed below: Cross-Site Scripting XSS Denial-of-Service Do...

9.9CVSS6.8AI score0.01184EPSS
Exploits0
ncsc
ncsc
•added 2023/03/14 12:0 a.m.•24 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in SCALANCE, among others, RuggedCom, SIMATIC, SIPROTEC and Mendix. The vulnerabilities allow a malicious party potentially capable of carrying out attacks that lead to the following categories of damage: Denial-of-Service DoS. Accessing sensitive data Bypassing...

10CVSS7.5AI score0.94921EPSS
Exploits204
ncsc
ncsc
•added 2023/03/13 12:0 a.m.•5 views

Vulnerabilities fixed in Lexmark Printers and Multifunctionals

Lexmark has fixed several vulnerabilities in the firmware of their printers and multifunction devices. A remote malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the printer's vulnerable interface, or to appropriate elevated privileges after previous...

9.8CVSS8AI score0.37835EPSS
Exploits4
ncsc
ncsc
•added 2023/03/13 12:0 a.m.•4 views

Vulnerabilities fixed in Redis

Redis has fixed two vulnerabilities. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. Because Redis is widely used as a message broker to support of information exchange processes, the consequence of a Denial-of-Service on the Redis service cannot be...

6.5CVSS7AI score0.59706EPSS
Exploits0
ncsc
ncsc
•added 2023/03/10 12:0 a.m.•25 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in IOS XR, as used in ASR series 9000 routers. An unauthenticated remote malicious person could remote can exploit the vulnerability with attribute CVE-2023-20049 to cause a denial-of-service DoS by sending rogue BFD packets. BFD is Bidirectional Forwarding...

8.6CVSS7.2AI score0.01046EPSS
Exploits0
ncsc
ncsc
•added 2023/03/09 12:0 a.m.•9 views

Vulnerabilities fixed in Foxit PDF Editor

Foxit has fixed vulnerabilities in PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code execute arbitrary code in the user's context, as it appears possible appears to be able to reuse released objects and pointers in...

7.8CVSS7.7AI score0.03925EPSS
Exploits0
ncsc
ncsc
•added 2023/03/09 12:0 a.m.•2 views

Vulnerability fixed in Veeam Backup & Replication

A vulnerability has been fixed in Veaam Backup & Replication. A unauthenticated malicious person with access to the network port of the Backup Server, could exploit the vulnerability to retrieve encrypted credentials from the configuration. Using these credentials, the malicious party can then ga...

7.5CVSS6.9AI score0.7761EPSS
Exploits4
ncsc
ncsc
•added 2023/03/08 12:0 a.m.•7 views

Vulnerability fixed in FortiOS

FortiNet has fixed a vulnerability in FortiOS. The vulnerability is located in the management environment and allows an unauthenticated malicious person, with access to that management interface, be able to perform a denial-of-service on the management interface, or execute arbitrary code on the...

9.8CVSS7.7AI score0.17797EPSS
Exploits1
ncsc
ncsc
•added 2023/03/08 12:0 a.m.•6 views

Vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Chrome. A remote malicious person could exploit the vulnerabilities to perform execute attacks that could result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...

8.8CVSS9.7AI score0.01163EPSS
Exploits7
ncsc
ncsc
•added 2023/03/07 12:0 a.m.•8 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...

9.8CVSS7.1AI score0.01445EPSS
Exploits1
ncsc
ncsc
•added 2023/03/03 12:0 a.m.•54 views

Vulnerabilities fixed in xWiki

The developers of Xwiki have fixed several vulnerabilities in Xwiki. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, or to gain access to data to which the malicious party is not initially authorized. Xwiki has released updates to fix the...

10CVSS7.4AI score0.74757EPSS
Exploits13
ncsc
ncsc
•added 2023/03/03 12:0 a.m.•52 views

Vulnerabilities fixed in GitLab Enterprise and Community Editions

GitLab has fixed several vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure...

8.7CVSS6.5AI score0.9242EPSS
Exploits0
ncsc
ncsc
•added 2023/03/02 12:0 a.m.•7 views

Vulnerabilities fixed in HP Serviceguard

HP has fixed vulnerabilities in Serviceguard. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or possibly to execute arbitrary code with application privileges. HP has released updates to fix the vulnerabilities in Serviceguard linux A.15.00.00 and A.12.80.05. F...

9.8CVSS7.7AI score0.00787EPSS
Exploits0
ncsc
ncsc
•added 2023/03/02 12:0 a.m.•39 views

Vulnerabilities fixed in Aruba Networks OS

Aruba Networks has fixed several vulnerabilities in Aruba OS, as used in WLAN Gateway, SD-WAN Gateway and Aruba Mobility Conductor & Controller. An unauthenticated malicious person can exploit the exploit vulnerabilities to delete arbitrary files and thereby potentially cause a denial-of-service,...

9.8CVSS8.4AI score0.50445EPSS
Exploits0
ncsc
ncsc
•added 2023/03/02 12:0 a.m.•8 views

Vulnerability fixed in Cisco Finesse and Unified Contact Center

Cisco has fixed a vulnerability in Finesse and Unified Contact Center. The vulnerability is in the nginx component. When configured as a reverse proxy, an unauthenticated remote malicious person could exploit it to cause a denial-of-service on the system. Cisco has released updates to fix the...

7.5CVSS6.9AI score0.00795EPSS
Exploits0
ncsc
ncsc
•added 2023/03/02 12:0 a.m.•2 views

Vulnerability fixed in IBM Websphere

IBM has fixed a vulnerability in the HTTP server which is used in Websphere Application Server. An unauthenticated remote attacker could exploit the vulnerability to cause a Denial-of-Service by offering a prepared, malformed URL. IBM has released updates to fix the vulnerability in HTTP Server f...

7.5CVSS6.7AI score0.01116EPSS
Exploits0
ncsc
ncsc
•added 2023/03/02 12:0 a.m.•12 views

Vulnerabilities fixed in Cisco IP Phones

Cisco has fixed two vulnerabilities in the web management interface of several IP phones. A malicious person with access to this web interface could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the vulnerable phones. It is good practice not to have such a...

9.8CVSS7.3AI score0.10351EPSS
Exploits0
ncsc
ncsc
•added 2023/03/02 12:0 a.m.•2 views

Vulnerabilities fixed in Mattermost

Mattermost has fixed several vulnerabilities in Mattermost. The vulnerabilities were made through Responsible Disclosure and Mattermost is not making any substantive information available until March 30. No CVE IDs have been published. The most serious vulnerability has been rated HIGH by...

7AI score
Exploits0
ncsc
ncsc
•added 2023/03/01 12:0 a.m.•7 views

Vulnerabilities fixed in ForgeRock Web Agents and Java Agents

ForgeRock has fixed vulnerabilities in Web Agents and Java Agents. An unauthenticated remote malicious agent could potentially exploit the vulnerabilities potentially exploit them to bypass authentication, gain access to sensitive data or execute arbitrary code execute arbitrary code. ForgeRock h...

9.8CVSS7.5AI score0.00973EPSS
Exploits0
ncsc
ncsc
•added 2023/02/27 12:0 a.m.•22 views

Vulnerabilities fixed in Solarwinds Platform

Solarwinds has fixed vulnerabilities in the Network Performance Monitoring tools of Solarwinds Platform. A malicious person with prior authentication can exploit the vulnerabilities to execute arbitrary code at the system level of the vulnerable system. Solarwinds has released updates to address...

7.8CVSS7.8AI score0.84803EPSS
Exploits0
Total number of security vulnerabilities4209