Lucene search
K

4209 matches found

NCSC
NCSC
•added 2023/02/24 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco NX-OS

Cisco has fixed vulnerabilities in NX-OS. The vulnerability with attribute CVE-2022-20050 can be exploited by a local, authenticated malicious person to exploit arbitrary code execute arbitrary code at the system level by exploiting command-line injection. Also, a bug has been fixed in the...

7.8CVSS7.2AI score0.00251EPSS
Exploits0
NCSC
NCSC
•added 2023/02/24 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Firepower and UCS Fabric Interconnect systems

Cisco has fixed vulnerabilities in FX-OS, as used in Firepower and UCS Fabric systems. The vulnerability with reference CVE-2023-20016 allows a malicious person with access to backups to gain access to the backup data from the vulnerable devices. This allows the malicious party gain access to the...

6.7CVSS8.2AI score0.00223EPSS
Exploits0
NCSC
NCSC
•added 2023/02/24 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager.

Cisco has fixed vulnerabilities in Email Security Appliance ESA and Secure Email and Web Manager. A malicious party with prior authentication could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code execute arbitrary code with elevated privileges,...

7.2CVSS8.1AI score0.01262EPSS
Exploits3
NCSC
NCSC
•added 2023/02/23 12:0 a.m.•5 views

Vulnerability fixed in Arista switches

Arista has fixed a vulnerability in the firmware of several Series 7000 switches. Switches that are redundantly configured and are equipped with the redundant supervisor module, allow an unauthenticated malicious person to log in as root to the standby supervisor. However, the malicious party mus...

9.3CVSS6.6AI score0.00238EPSS
Exploits1
NCSC
NCSC
•added 2023/02/23 12:0 a.m.•15 views

Vulnerability fixed in VMware vRealize

VMware has fixed a vulnerability in vRealize Orchestrator and vRealize Automation. A malicious person with access to the Orchestrator could exploit the vulnerability for an XML External Entity XXE attack, potentially gaining access to sensitive data or grant themselves elevated privileges in the...

8.8CVSS7AI score0.01265EPSS
Exploits0
NCSC
NCSC
•added 2023/02/23 12:0 a.m.•4 views

Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor

Foxit has fixed several vulnerabilities in PDF reader and PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must trick the deceive the victim...

7.8AI score
Exploits0
NCSC
NCSC
•added 2023/02/23 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome and Chromium

Google has fixed several vulnerabilities in Chrome. A remote malicious person can exploit the vulnerabilities to perform execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data To exploit the...

8.8CVSS9.7AI score0.00668EPSS
Exploits0
NCSC
NCSC
•added 2023/02/23 12:0 a.m.•7 views

Vulnerability fixed in FortiWeb

FortiNet has fixed a vulnerability in the proxy daemon of FortiWeb. An unauthenticated remote malicious agent could vulnerability potentially exploit it to execute arbitrary code with permissions from the daemon. To do this, the malicious party must cause a buffer overflow via rogue HTTP traffic...

9.8CVSS7.8AI score0.34978EPSS
Exploits1
NCSC
NCSC
•added 2023/02/20 12:0 a.m.•6 views

Vulnerabilities fixed in IBM MQ Operator and Queue Manager

IBM has fixed vulnerabilities in MQ Operator and Queue Manager. An unauthenticated malicious person could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system. The vulnerabilities are located in the underlying libksba and sqlite libraries. IBM...

9.8CVSS9.7AI score0.17981EPSS
Exploits4
NCSC
NCSC
•added 2023/02/20 12:0 a.m.•8 views

Vulnerability fixed in Joomla!

Joomla has fixed a vulnerability. An unauthenticated remote malicious person could exploit the vulnerability to gain access to vulnerable servers without prior authentication to gain access to vulnerable web endpoints. The consequential damage depends on the endpoint and could potentially lead to...

5.3CVSS7.8AI score0.99827EPSS
Exploits43
NCSC
NCSC
•added 2023/02/20 12:0 a.m.•4 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in node.js. A malicious party can exploit the vulnerabilities to bypass security measures and thus gain access to modules and code for which which it is not authorized. Also, the malicious party can cause a Denial-of-Service, or through host header injection...

7.5CVSS7.8AI score0.02209EPSS
Exploits2
NCSC
NCSC
•added 2023/02/17 12:0 a.m.•38 views

Vulnerabilities fixed in FortiNet FortiWeb

FortiNet has fixed vulnerabilities in FortiWeb. A authenticated malicious person could exploit the vulnerabilities to execute arbitrary code up to and including root privileges on the vulnerable system. FortiNet has released updates to fix the vulnerabilities in FortiWeb. For more information, se...

8.8CVSS7.6AI score0.01324EPSS
Exploits0
NCSC
NCSC
•added 2023/02/17 12:0 a.m.•49 views

Vulnerabilities fixed in FortiNet FortiOS

FortiNet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Access to sensitive data Increased user privileges With the...

8.8CVSS6.4AI score0.00927EPSS
Exploits0
NCSC
NCSC
•added 2023/02/17 12:0 a.m.•84 views

Vulnerabilities fixed in Intel BMC and OpenBMC firmware

Intel has fixed vulnerabilities in the BMC and OpenBMC firmware for various processors. A malicious party could exploit them to cause a denial-of-service, or grant themselves elevated privileges, possibly up to administrator level. Intel has released updates to fix the vulnerabilities in BMC and...

10CVSS7.1AI score0.0301EPSS
Exploits2
NCSC
NCSC
•added 2023/02/17 12:0 a.m.•5 views

Vulnerability fixed in FortiNet FortiAnalyzer

FortiNet has fixed a vulnerability in FortiAnalyzer. A unauthenticated malicious person could exploit the vulnerability to perform perform a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser of the victim. FortiNet has...

6.1CVSS6.7AI score0.00668EPSS
Exploits0
NCSC
NCSC
•added 2023/02/17 12:0 a.m.•6 views

Vulnerabilities fixed in ClamAV

ClamAV has fixed two vulnerabilities in ClamAV. A unauthenticated remote malicious person could exploit them to obtain sensitive information, or to execute arbitrary code with privileges from ClamAV. ClamAV has released updates to fix the vulnerabilities in ClamAV 1.0.1, 0.105.2 and 0.103.8. For...

9.8CVSS7.9AI score0.29314EPSS
Exploits5
NCSC
NCSC
•added 2023/02/16 12:0 a.m.•6 views

Vulnerabilities fixed in Git and GitLab

The Git community has fixed vulnerabilities in Git. A malicious party with a repository under its control could exploit the vulnerabilities to gain access to sensitive data, or overwrite arbitrary files on the system of the victim's system. The vulnerability is in the way Git handles symbolic...

7.5CVSS9.7AI score0.01144EPSS
Exploits3
NCSC
NCSC
•added 2023/02/16 12:0 a.m.•5 views

Vulnerability fixed in HAProxy

HAProxy has fixed a vulnerability in all supported versions of HAProxy. Because headers are not always correctly processed, other headers can potentially become hidden from the parser of the proxy. This can cause a so-called "Request Smuggling occur. Request Smuggling attacks can lead to...

9.1CVSS6.9AI score0.05493EPSS
Exploits0
NCSC
NCSC
•added 2023/02/16 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco Nexus Dashboard

Cisco has fixed vulnerabilities in the Nexus Dashboard. A malicious person with access to the management environment can exploit the exploit the vulnerabilities to cause a denial-of-service, or to launch a cross-site scripting attack. execute. Such an attack could result in execution of code in t...

7.5CVSS6.7AI score0.00952EPSS
Exploits0
NCSC
NCSC
•added 2023/02/16 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR th Thunderbird. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Spoofing Access to sensitive data Access to...

9.8CVSS7.5AI score0.00817EPSS
Exploits2
NCSC
NCSC
•added 2023/02/16 12:0 a.m.•10 views

Vulnerabilities fixed in various Adobe products

Adobe has fixed vulnerabilities in several products, including Photoshop, Framemaker, InDesign and Premiere Rush. A malicious party could exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure...

7.8CVSS7.3AI score0.81875EPSS
Exploits4
NCSC
NCSC
•added 2023/02/16 12:0 a.m.•2 views

Fixed vulnerabilities in several Atlassian products

Atlassian has fixed vulnerabilities in several products that use git. The vulnerability is located in the included git implementation and allows a malicious person to to execute arbitrary code. For these vulnerabilities in git, security advisory NCSC-2023-0024 released. Atlassian has released...

9.8CVSS7.8AI score0.56334EPSS
Exploits0
NCSC
NCSC
•added 2023/02/15 12:0 a.m.•8 views

Vulnerabilities fixed in Citrix products

Several vulnerabilities have been fixed in Citrix products. The vulnerability with reference CVE-2023-24483 is located in Citrix Virtual Apps and Desktops Windows VDAs. An authenticated malicious party could potentially exploit this vulnerability to obtain elevated privileges within a Windows VDA...

7.8CVSS8AI score0.00265EPSS
Exploits1
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•7 views

Vulnerabilities fixed in ImageMagick

Several vulnerabilities have been fixed in ImageMagick. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to gain access to sensitive data. To do this, the malicious party must have a specially prepared file to be processed by ImageMagick. Canonical h...

6.5CVSS7AI score0.89855EPSS
Exploits31
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•66 views

Vulnerabilities fixed in SAP products

SAP has released updates for several products, including SAP BASIS, Netweaver, HAMA, Business Planning & Consolidation, SAP CRM and SAP Solution Manager. A malicious party could potentially exploit and cause damage in the following categories: Cross-Site Scripting XSS Bypassing authentication...

9.1CVSS6.8AI score0.00855EPSS
Exploits0
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•10 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange Server. A authenticated malicious person could exploit the vulnerabilities to execute arbitrary code under permissions from the process of Exchange Server itself. As a rule, Exchange Server runs with restricted privileges. Microsoft Exchange Server:...

8.8CVSS7AI score0.8202EPSS
Exploits0
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•6 views

Vulnerabilities fixed in Apple macOS, iOS, iPadOS and Safari

Apple has fixed vulnerabilities in macOS Ventura, iOS, iPadOS and Safari for Big Sur and Monterey. A malicious party could exploit vulnerabilities to execute arbitrary code, or to gain access to sensitive data. To execute code with kernel privileges, or to gain access to sensitive data, the...

8.8CVSS7.5AI score0.09426EPSS
Exploits0
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office components. For an overview of the vulnerabilities, see list below. The most serious vulnerability is in MS Word and has attribute CVE-2023-21716 assigned. This vulnerability allows a remote malicious person to execute arbitrary code with user...

9.8CVSS7AI score0.82302EPSS
Exploits11
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to...

9.8CVSS7.1AI score0.43172EPSS
Exploits0
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Edge

Microsoft has fixed vulnerabilities in Edge Chromium Based. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute code in the context of the browser. However, the malicious party must entice the victim to open malicious content. Microsoft Edge...

8.3CVSS6.9AI score0.01219EPSS
Exploits0
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•20 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to grant himself elevated privileges granted, or to execute arbitrary code with privileges of the victim. To do this, the malicious party must entice t...

7.8CVSS7.8AI score0.01408EPSS
Exploits0
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server and Power BI. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, possibly with permissions from the server process itself. SQL Server: |----------------|------|-------------------------------------| | CV...

8.8CVSS7.6AI score0.01755EPSS
Exploits0
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•6 views

Vulnerabilities fixed in IBM Qradar SIEM

IBM has fixed several vulnerabilities in Qradar SIEM. The vulnerabilities are in underlying third-party products and have been previously fixed by the relevant developers and already previously described in previous security advisories. IBM is now bundling these updates now in the latest version ...

9.8CVSS6.2AI score0.06451EPSS
Exploits6
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•26 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several components of Azure. For an overview of the vulnerabilities, see the following list. Azure App Service: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

8.7CVSS6.4AI score0.03115EPSS
Exploits0
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•95 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in Scalance, among others, TIA, SiPass, SIMATIC, COMOS, Brownfield, JT Open Toolkit, Mendix, RuggedCom and Solid Edge. The vulnerabilities would allow a malicious potentially able to launch attacks that result in the following categories of damage:...

10CVSS7.3AI score0.83223EPSS
Exploits7
NCSC
NCSC
•added 2023/02/10 12:0 a.m.•2 views

Vulnerability fixed in Red Hat OpenShift

Red Hat has fixed a vulnerability in the OpenShift Container Platform. The vulnerability is located in the Maven subsystem and allows an unauthenticated malicious person to apply command injections and execute shell commands with permissions from the underlying application. Red Hat has released...

9.8CVSS7.3AI score0.04031EPSS
Exploits0
NCSC
NCSC
•added 2023/02/09 12:0 a.m.•4 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2 10.5, 11.1 and 11.5. For more information and the related FixPacks, see:...

7.5CVSS6.8AI score0.00739EPSS
Exploits0
NCSC
NCSC
•added 2023/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in OpenSSL

The developers of OpenSSL have fixed several vulnerabilities fixed. A malicious party could exploit the vulnerabilities to cause a denial-of-service by offering manipulated certificates causing the OpenSSL system to crash. Under specially prepared circumstances, where the malicious party has...

7.5CVSS6.7AI score0.59501EPSS
Exploits0
NCSC
NCSC
•added 2023/02/09 12:0 a.m.•11 views

Vulnerability fixed in Red Hat Fuse

Red Hat has fixed a vulnerability in Fuse 7. The vulnerability is located in the Hazelcast integrated in Fuse Connection Cache and allows an unauthenticated malicious agent to able to manipulate data in the cluster without prior authentication or authorization. Red Hat has released updates to fix...

9.1CVSS7AI score0.01021EPSS
Exploits0
NCSC
NCSC
•added 2023/02/09 12:0 a.m.•3 views

Vulnerability fixed in phpMyAdmin

A vulnerability has been fixed in phpMyAdmin. A authenticated malicious party can exploit the vulnerability for a cross-site scripting attack via uploading a rogue .sql file. Such an attack may result in the execution of arbitrary code under the scope of the browser of the victim. In this...

6.3AI score
Exploits0
NCSC
NCSC
•added 2023/02/09 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to system...

8.8CVSS7.6AI score0.00883EPSS
Exploits0
NCSC
NCSC
•added 2023/02/07 12:0 a.m.•11 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...

9.8CVSS6.9AI score0.03763EPSS
Exploits14
NCSC
NCSC
•added 2023/02/06 12:0 a.m.•6 views

Vulnerability fixed in Dell EMC Networker

Dell has fixed a vulnerability in EMC Networker client. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. The vulnerability can be exploited when the Networker Client uses the oldauth authentication method. Dell has released...

9.8CVSS7.5AI score0.0103EPSS
Exploits0
NCSC
NCSC
•added 2023/02/06 12:0 a.m.•9 views

Vulnerabilities fixed in IBM Aspera Faspex

IBM has fixed vulnerabilities in Aspera Faspex. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure Accessing system data The...

10CVSS6.5AI score0.99968EPSS
Exploits9
NCSC
NCSC
•added 2023/02/06 12:0 a.m.•7 views

Vulnerability fixed in Dell Repository Manager

Dell has fixed a vulnerability in Repository Manager. A local malicious person could exploit the vulnerability to execute arbitrary code on the underlying operating system. The vulnerability can be exploited during the installation of systems. Dell has released updates to fix the vulnerability in...

7.8CVSS7.4AI score0.00132EPSS
Exploits0
NCSC
NCSC
•added 2023/02/03 12:0 a.m.•7 views

Vulnerabilities fixed in GitLab CE and EE

Vulnerabilities have been fixed in GitLab Enterprise Edition EE and Community Edition CE. The vulnerabilities potentially enable a malicious party to perform a Cross-Site Request Forgery XSRF and/or a possible denial-of-service DoS exploit. GitLab has released updates to fix the vulnerabilities i...

8.1CVSS7AI score0.01247EPSS
Exploits0
NCSC
NCSC
•added 2023/02/03 12:0 a.m.•4 views

Vulnerability fixed in Trend Micro Apex One

A vulnerability has been fixed in Trend Micro Apex One. A unauthenticated remote malicious person can exploit the vulnerability exploit it to cause a denial-of-service DoS. Trend Micro has released updates to fix the vulnerability. fix. For more information, see:...

9.1CVSS6.8AI score0.59585EPSS
Exploits0
NCSC
NCSC
•added 2023/02/03 12:0 a.m.•26 views

Vulnerability fixed in VMWare Workstation

VMWare has fixed a vulnerability in VMWare Workstation. A local malicious party could exploit the vulnerability to remove arbitrary delete files from the system on which Workstation is installed. VMWare has released updates to fix the vulnerability in Workstation 17.0.1. For more information, see...

8.4CVSS6.8AI score0.00294EPSS
Exploits0
NCSC
NCSC
•added 2023/02/02 12:0 a.m.•3 views

Vulnerability fixed in Cisco Prime Infrastructure

Cisco has fixed a vulnerability in the Web-based management interface of Prime Infrastructure. An unauthenticated malicious person with access to the management environment can exploit the exploit the vulnerability to perform a cross-site scripting XSS attack. Such an attack can lead to execution...

6.1CVSS6.7AI score0.0047EPSS
Exploits0
NCSC
NCSC
•added 2023/02/02 12:0 a.m.•6 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in Jira Service Management Server and Data Center. The vulnerability allows a malicious party able to obtain a user's signup token and thus obtain a user's signup token and thereby bypass authentication. To obtain a signup token, a malicious party must gain...

9.4CVSS6.9AI score0.15978EPSS
Exploits0
Total number of security vulnerabilities4209