Lucene search
+L

4209 matches found

NCSC
NCSC
•added 2022/10/19 12:0 a.m.•13 views

Vulnerabilities fixed in Oracle Fusion Middleware

Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

9.8CVSS8.2AI score0.99298EPSS
Exploits23
NCSC
NCSC
•added 2022/10/19 12:0 a.m.•11 views

Vulnerabilities fixed in Oracle Siebel CRM

Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Oracle has fixed vulnerabilities in the...

9.3CVSS7AI score0.42229EPSS
Exploits3
NCSC
NCSC
•added 2022/10/18 12:0 a.m.•9 views

Vulnerability fixed in Apache Commons Text

A vulnerability has been fixed in Apache Commons Text. The vulnerability allows an unauthenticated remote malicious person potentially able to execute arbitrary code with the privileges of the vulnerable application. To do so, a malicious person must have specific text processed by the vulnerable...

9.8CVSS9.3AI score0.99931EPSS
Exploits42
NCSC
NCSC
•added 2022/10/18 12:0 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox and Firefox ESR

Mozilla has fixed several vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to collect system data or cause a denial-of-service. To the vulnerability with attribute CVE-2022-42928, Mozilla assigns the impact 'High' and could lead to memory...

8.8CVSS7.1AI score0.0083EPSS
Exploits0
NCSC
NCSC
•added 2022/10/17 12:0 a.m.•4 views

Vulnerabilities fixed in OTRS

OTRS developers have fixed vulnerabilities in OTRS 7 and 8. A malicious party could exploit them to perform a denial-of-service DoS or to gain access to sensitive data. To perform the denial-of-service, the malicious need not be remotely authenticated. OTRS has released updates to fix the...

7.5CVSS6.9AI score0.00562EPSS
Exploits0
NCSC
NCSC
•added 2022/10/14 12:0 a.m.•5 views

Vulnerabilities fixed in Ivanti Connect Secure

Vulnerabilities have been fixed in Ivanti Connect Secure. The vulnerabilities allow an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. At this time, Ivanti has made very little additional information made available. Ivanti has released updates to fix th...

7.5CVSS7AI score0.02515EPSS
Exploits0
NCSC
NCSC
•added 2022/10/14 12:0 a.m.•4 views

Vulnerabilities fixed in Mitel MiVoice Connect

Vulnerabilities have been fixed in the Director and Mitel Edge Gateway components Mitel MiVoice Connect. The vulnerability with reference CVE-2022-40765 allows an authenticated malicious person with access to the internal network able to inject rogue commands with administrator privileges within...

6.8CVSS8AI score0.10571EPSS
Exploits0
NCSC
NCSC
•added 2022/10/14 12:0 a.m.•50 views

Vulnerability fixes in Juniper Junos OS and Junos OS Evolved

Vulnerabilities have been fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...

9.8CVSS7.7AI score0.02468EPSS
Exploits0
NCSC
NCSC
•added 2022/10/13 12:0 a.m.•2 views

Vulnerability fixed in LibreOffice

A vulnerability has been fixed in LibreOffice. The vulnerability allows a malicious party to execute arbitrary code on the victim's system. To do this, the malicious party must trick the victim into to open a specially prepared file. Along this path execute macro code without warning. The Documen...

6.3CVSS7.4AI score0.04354EPSS
Exploits0
NCSC
NCSC
•added 2022/10/13 12:0 a.m.•5 views

Vulnerabilities fixed in Trellix ePolicy Orchestrator

Vulnerabilities have been fixed in Trellix ePolicy Orchestrator. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights. Access to system data For the vulnerabili...

6.1CVSS7AI score0.00558EPSS
Exploits0
NCSC
NCSC
•added 2022/10/13 12:0 a.m.•7 views

Vulnerability fixed in Palo Alto PAN-OS

Palo Alto has fixed a vulnerability in PAN-OS. The vulnerability allows a malicious person to remotely bypass authentication and impersonate an existing PAN-OS Administrator. This allows the malicious party with administrator privileges to perform actions and execute arbitrary code. Palo Alto...

8.1CVSS7.4AI score0.0083EPSS
Exploits0
NCSC
NCSC
•added 2022/10/13 12:0 a.m.•8 views

Vulnerabilities fixed in Bentley View and MicroStation

Vulnerabilities have been fixed in Bentley View and MicroStation. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. To do this, the malicious party must trick the victim into running open a rogue SKP, XMT, or FBX file. It ...

7.8CVSS7.5AI score0.00649EPSS
Exploits2
NCSC
NCSC
•added 2022/10/13 12:0 a.m.•8 views

Vulnerabilities fixed in Dell BIOS

Vulnerabilities have been fixed in the BIOS of Dell products. The vulnerabilities allow a malicious person to execute arbitrary execute arbitrary code under administrator privileges and manipulate data manipulate data. To exploit the vulnerabilities, an authenticated malicious party must have...

8.2CVSS7.7AI score0.00229EPSS
Exploits0
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive dat...

8.8CVSS6.9AI score0.56269EPSS
Exploits0
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to impersonate another user. The vulnerability with attribute CVE-2022-37968 has a CVSS of 10.0. If an unauthenticated malicious person uses the randomly generat...

10CVSS6.5AI score0.19762EPSS
Exploits0
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a local malicious person to perform attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges The tables below provide an...

7.8CVSS7.6AI score0.67469EPSS
Exploits3
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•55 views

Vulnerabilities fixed in Adobe products

Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution...

10CVSS7.5AI score0.80023EPSS
Exploits0
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•13 views

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in the Microsoft Office. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Remote code execution User Rights Spoofing Access to sensitive data The tables below provide an overview of the vulnerabilitie...

8.8CVSS7.2AI score0.76397EPSS
Exploits1
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to perform a denial-of-service DoS and execute arbitrary code under the user's privileges to execute. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As...

8.8CVSS7.8AI score0.00683EPSS
Exploits0
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•5 views

Vulnerabilities fixed in Citrix Hypervisor

Several vulnerabilities have been fixed in Citrix Hypervisor. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To exploit the vulnerability with reference CVE-2022-33748, two malicious virtual machines need to two rogue virtual machines to work...

5.6CVSS6.9AI score0.00877EPSS
Exploits0
NCSC
NCSC
•added 2022/10/11 12:0 a.m.•13 views

Vulnerability fixed in Apple iOS

Apple has fixed a vulnerability in iOS 16. A malicious person could potentially exploit the vulnerability to use a rogue email to effect a crash. At this time, very little information has been shared by Apple about the vulnerability. Also, nothing has been disclosed about possible active misuse a...

6.5CVSS6.2AI score0.008EPSS
Exploits0
NCSC
NCSC
•added 2022/10/11 12:0 a.m.•5 views

Vulnerabilities fixed in SAP products

SAP has released updates to fix the vulnerabilities. For more information, see: https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10...

7.8CVSS6.8AI score0.00752EPSS
Exploits0
NCSC
NCSC
•added 2022/10/11 12:0 a.m.•11 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in RUGGEDCOM, among others, SCALANCE, SIMATIC, and Logo! products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of...

9.8CVSS7.8AI score0.70561EPSS
Exploits2
NCSC
NCSC
•added 2022/10/10 12:0 a.m.•5 views

Vulnerability fixed in FortiGate and FortiProxy

Fortinet has fixed a vulnerability in FortiGate and FortiProxy. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to bypass authentication on the management interface and thus perform actions perform actions normally reserved for authenticated...

9.8CVSS6.8AI score0.99984EPSS
Exploits25
NCSC
NCSC
•added 2022/10/10 12:0 a.m.•37 views

Vulnerabilities fixed in Trend Micro Apex One

Vulnerabilities have been fixed in Trend Micro Apex One. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Increased user privileges To exploit the vulnerabilities, a...

9.1CVSS7.6AI score0.00971EPSS
Exploits0
NCSC
NCSC
•added 2022/10/07 12:0 a.m.•4 views

Vulnerabilities fixed in Rockwell FactoryTalk Vantagepoint

Rockwell Automation has fixed two vulnerabilities in FactoryTalk Vantagepoint. A malicious person with limited privileges could exploit the vulnerabilities to use SQL injection to gain access gain access to sensitive data and execute arbitrary code on the underlying SQL Database. Rockwell...

8.8CVSS8.5AI score0.03161EPSS
Exploits0
NCSC
NCSC
•added 2022/10/06 12:0 a.m.•5 views

Vulnerability fixed in Cisco Jabber

Cisco has fixed a vulnerability in the Jabber clients for Windows, macOS, iOS and Android. A malicious party could potentially exploit the vulnerability to use nested XMPP messages to manipulate the behavior of the vulnerable client and thus potentially gain access to sensitive data or, as Cisco...

4.3CVSS7.4AI score0.00887EPSS
Exploits0
NCSC
NCSC
•added 2022/10/06 12:0 a.m.•6 views

Vulnerabilities fixed in Cisco TelePresence

Cisco has fixed vulnerabilities in Telepresence Video Communication Server and Touch10 systems. A malicious party could exploit the vulnerabilities in the Telepresence VCS exploited to gain access to sensitive information through cause a Cross-Site-Request-Forgery or a Denial-of-Service. cause...

7.4CVSS6.8AI score0.00897EPSS
Exploits0
NCSC
NCSC
•added 2022/10/06 12:0 a.m.•4 views

Vulnerability fixed in Cisco Secure Web Appliance

Cisco has fixed a vulnerability in its Secure Web Appliance. It affects both the hardware and virtual versions. An unauthenticated malicious person located in the internal network is in the internal network can exploit the vulnerability to bypass filters and thus route traffic from a rogue server...

5.3CVSS6.9AI score0.00678EPSS
Exploits0
NCSC
NCSC
•added 2022/10/05 12:0 a.m.•5 views

Vulnerability fixed in BVMS Operator Client

Bosch has fixed a vulnerability in the Bosch Video Management System BVMS. When using cameras of type CPP13 and/or CPP14.x, a malicious party can access gain access to the video stream through a Man-in-the-middle attack. The vulnerability is in the encryption of the UDP traffic, which fails under...

7.4CVSS7AI score0.00306EPSS
Exploits0
NCSC
NCSC
•added 2022/10/04 12:0 a.m.•9 views

Vulnerabilities fixed in Aruba ArubaOS and InstantOS

Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS, which are used in various access points from Aruba Networks. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute arbitrary code on the vulnerable system. To cause a...

9.8CVSS7.9AI score0.23061EPSS
Exploits1
NCSC
NCSC
•added 2022/10/04 12:0 a.m.•9 views

Vulnerabilities fixed in SUSE Linux Enterprise

Vulnerabilities have been fixed in the Linux kernel as used by SUSE Linux Enterprise. A local, authenticated malicious party can exploit the vulnerabilities to execute arbitrary code, causing a denial-of-service or obtaining elevated privileges. SUSE has made updates available to fix the...

7.8CVSS5.8AI score0.01039EPSS
Exploits1
NCSC
NCSC
•added 2022/10/04 12:0 a.m.•3 views

Vulnerabilities fixed in Debian

Vulnerabilities have been fixed in the Linux kernel as used by Debian. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to...

7.8CVSS7.2AI score0.12746EPSS
Exploits18
NCSC
NCSC
•added 2022/10/04 12:0 a.m.•70 views

Vulnerabilities fixed in Google Android and Samsung Devices

Google has fixed several vulnerabilities in Google Android. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Access to system data...

9.8CVSS7.2AI score0.00693EPSS
Exploits1
NCSC
NCSC
•added 2022/10/03 12:0 a.m.•8 views

Vulnerabilities fixed in IBM Tivoli Monitoring

IBM has fixed vulnerabilities in Tivoli Monitoring. The vulnerabilities are in underlying software, such as Java Runtime, zlib and Eclipse and allow a malicious person to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Tivoli...

7.5CVSS8.1AI score0.52063EPSS
Exploits1
NCSC
NCSC
•added 2022/10/03 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service or possibly to execute arbitrary code. As usual, no substantive details about the vulnerabilities publicly available made available. Google has released...

8.8CVSS7.3AI score0.00713EPSS
Exploits0
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•3 views

Vulnerabilities found in GE Cimplicity

The Zero Day Initiative has published information about vulnerabilities in GE's Cimplicity have been published. The vulnerabilities occur during the processing of CIM files. Due to lack of proper initialization of the pointer, a malicious party can execute arbitrary code execute arbitrary code...

7.5AI score
Exploits0
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•55 views

Vulnerabilities fixed in GitLab Community Edition (CE) and Enterprise Edition (EE).

GitLab has fixed vulnerabilities in Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a malicious able to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Access to sensitiv...

7.5CVSS8.5AI score0.02546EPSS
Exploits1
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•3 views

Vulnerability fixed in Expat

A vulnerability has been fixed in Expat. A malicious person can cause a use-after-free in libexpat via the doContent function in xmlparse.c. Misuse of the vulnerability potentially results in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Use...

8.1CVSS8.9AI score0.0176EPSS
Exploits0
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•5 views

Vulnerabilities found in Xpdf

Vulnerabilities have been fixed in Xpdf. The vulnerabilities allow a malicious person to cause a denial-of-service. For the vulnerabilities, Proof-of-Concept code is publicly available. The developers of Xpdf give no indication that any actively observed misuse as well. At the time of writing thi...

5.5CVSS7.3AI score0.00398EPSS
Exploits3
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•4 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal Core. The vulnerability is located in Twig. Drupal Core uses Twig as its template engine. The vulnerability allows a malicious person who has elevated privileges to obtain sensitive data. At the time of writing this security advisory, there is still no kno...

6.3AI score
Exploits0
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•4 views

Vulnerabilities fixed in IBM MQ

Vulnerabilities have been fixed in IBM MQ. The vulnerabilities allow a malicious party to bypass a command measure bypass and perform a denial-of-service DoS. IBM has released updates to fix the vulnerabilities in MQ. For more information, see: https://www.ibm.com/support/pages/node/6823767...

7.5CVSS7.5AI score0.52063EPSS
Exploits1
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•2 views

Vulnerability found in Zimbra Collaboration

A vulnerability has been fixed in Zimbra Collaboration Suite ZCS. The vulnerability allows a malicious party to launch attacks execute attacks that result in the following categories of damage: Manipulation of data. Bypassing authentication Remote code execution Administrator/Root privileges The...

9.8CVSS7.5AI score0.95478EPSS
Exploits7
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•7 views

Vulnerabilities found in Microsoft Exchange Sever

GTSC, a Vietnamese security company has found vulnerabilities in Microsoft Exchange Server 1. The vulnerabilities allow a malicious party able to execute a Server-Side Request Forgery and to execute arbitrary code. The vulnerabilities have similarities to the Exchange vulnerability from 2021 call...

8.8CVSS7.8AI score0.9997EPSS
Exploits16
NCSC
NCSC
•added 2022/09/29 12:0 a.m.•6 views

Vulnerabilities fixed in SolarWinds Orion

Vulnerabilities have been fixed in SolarWinds Orion. The vulnerabilities allow an authenticated malicious person with access to the network is able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access t...

8.8CVSS7.1AI score0.75174EPSS
Exploits0
NCSC
NCSC
•added 2022/09/29 12:0 a.m.•7 views

Vulnerabilities fixed in Matrix SDKs

Matrix has fixed vulnerabilities in the following SDKs; matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2. These SDKs are used in a number of Matrix-based clients including the popular Element. The vulnerabilities allow a malicious able to perform attacks that result in the following categori...

8.6CVSS7AI score0.01047EPSS
Exploits0
NCSC
NCSC
•added 2022/09/29 12:0 a.m.•6 views

Vulnerabilities fixed in Autodesk AutoCAD and Design Review

Vulnerabilities have been fixed in Autodesk AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code by having AutoCAD and Design Review process a rogue file to be processed. Autodesk has released updates to address the vulnerabilities. fix. More informatio...

7.8CVSS7.4AI score0.02485EPSS
Exploits0
NCSC
NCSC
•added 2022/09/29 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...

8.6CVSS7.5AI score0.01113EPSS
Exploits0
NCSC
NCSC
•added 2022/09/28 12:0 a.m.•7 views

Vulnerabilities fixed in IBM WebSphere Application Server and QRadar

IBM has fixed vulnerabilities in WebSphere Application Server and QRadar User Behavior Analytics. The vulnerabilities allow a malicious party able to gain access to system data or execute a Server-Side Request Forgery. Both vulnerabilities require that a malicious party already has access to the...

6.5CVSS6.8AI score0.00491EPSS
Exploits0
NCSC
NCSC
•added 2022/09/28 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google vulnerabilities fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google has published few details about...

8.8CVSS7.5AI score0.00616EPSS
Exploits6
Total number of security vulnerabilities4209