CISA: Ivanti Releases Security Updates for EPMM to address CVE-2023-35081
Ivanti Releases Security Updates for EPMM to address CVE-2023-35081 Ivanti has identified and released patches for a directory traversal vulnerability(link...
Month: July 2023
CISA: CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse The Australian Signals Directorate’s Australian Cyber...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Releases Five Industrial Control Systems Advisories
CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on July 27, 2023. These...
CISA: CISA Releases Malware Analysis Reports on Barracuda Backdoors
CISA Releases Malware Analysis Reports on Barracuda Backdoors CISA has published three malware analysis reports on malware variants associated with...
PaddlePaddle denial of service | CVE-2023-38670
NAME__________PaddlePaddle denial of servicePlatforms Affected:PaddlePaddle PaddlePaddle 2.4.0-rc0Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________PaddlePaddle is vulnerable to a denial of service,...
Check Point Quantum Appliances privilege escalation | CVE-2023-28130
NAME__________Check Point Quantum Appliances privilege escalationPlatforms Affected:Check Point Quantum Appliances R80.20SP Check Point Quantum Appliances R80.30SP Check Point Quantum Appliances...
PaddlePaddle denial of service | CVE-2023-38672
NAME__________PaddlePaddle denial of servicePlatforms Affected:PaddlePaddle PaddlePaddle 2.4.0-rc0Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________PaddlePaddle is vulnerable to a denial of service,...
IBM Security Verify Governance command execution | CVE-2023-35019
NAME__________IBM Security Verify Governance command executionPlatforms Affected:IBM Security Verify Governance 10.0Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________IBM Security Verify Governance, Identity Manager 10.0...
SEO Alert plugin for WordPress cross-site scripting | CVE-2023-2225
NAME__________SEO Alert plugin for WordPress cross-site scriptingPlatforms Affected:WordPress SEO Alert plugin for WordPress 1.59Risk Level:4.8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________SEO Alert plugin for...
Drop Shadow Boxes Plugin for WordPress cross-site scripting | CVE-2023-23833
NAME__________Drop Shadow Boxes Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Drop Shadow Boxes Plugin for WordPress 1.7.10Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Drop Shadow...
Trustwave ModSecurity denial of service | CVE-2023-38285
NAME__________Trustwave ModSecurity denial of servicePlatforms Affected:Trustwave ModSecurity 3.0.0Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Trustwave ModSecurity is vulnerable to a denial of service,...
Envoy denial of service | CVE-2023-35942
NAME__________Envoy denial of servicePlatforms Affected:Envoy Envoy 1.26.2 Envoy Envoy 1.25.7 Envoy Envoy 1.24.8 Envoy Envoy 1.23.10 Envoy Envoy 1.26.3 Envoy...
Vyper weak security | CVE-2023-37902
NAME__________Vyper weak securityPlatforms Affected:Vyper Vyper 0.3.9Risk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Vyper could provide weaker than expected security, caused by a flaw in...
IBM Security Verify Governance path traversal | CVE-2023-35016
NAME__________IBM Security Verify Governance path traversalPlatforms Affected:IBM Security Verify Governance 10.0Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________IBM Security Verify Governance, Identity Manager 10.0...
Trellix ePolicy Orchestrator cross-site scripting | CVE-2023-3946
NAME__________Trellix ePolicy Orchestrator cross-site scriptingPlatforms Affected:Trellix ePolicy Orchestrator 5.10.0 SP1 Trellix ePolicy Orchestrator 5.10.0Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Trellix ePolicy Orchestrator is...
SumatraPDF Reader denial of service | CVE-2023-33802
NAME__________SumatraPDF Reader denial of servicePlatforms Affected:SumatraPDF Reader 3.4.6Risk Level:3.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________SumatraPDF Reader is vulnerable to a denial of service,...
Envoy security bypass | CVE-2023-35943
NAME__________Envoy security bypassPlatforms Affected:Envoy Envoy 1.26.2 Envoy Envoy 1.25.7 Envoy Envoy 1.24.8 Envoy Envoy 1.23.10 Envoy Envoy 1.26.3 Envoy Envoy...
WP Brutal AI plugin for WordPress cross-site scripting | CVE-2023-2606
NAME__________WP Brutal AI plugin for WordPress cross-site scriptingPlatforms Affected:WordPress WP Brutal AI plugin for WordPress 2.05Risk Level:4.8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WP Brutal...
VirtueMart component for Joomla! for SQL injection |
NAME__________VirtueMart component for Joomla! for SQL injectionPlatforms Affected:Joomla! VirtueMart component for Joomla! 2.6.12.2Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________VirtueMart component for Joomla! is...
JSN Gruve Pro component for Joomla! directory traversal |
NAME__________JSN Gruve Pro component for Joomla! directory traversalPlatforms Affected:Joomla! JSN Gruve Pro component for Joomla! 2.1.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________JSN Gruve...
Jomestate component for Joomla! for SQL injection |
NAME__________Jomestate component for Joomla! for SQL injectionPlatforms Affected:Joomla! Jomestate component for Joomla! 4.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Jomestate component for Joomla! is...
Availability Booking Calendar PHP cross-site scripting |
NAME__________Availability Booking Calendar PHP cross-site scriptingPlatforms Affected:Availability Booking Calendar PHP Availability Booking Calendar PHPRisk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Availability Booking Calendar PHP...
TeleAdapt RoomCast TA2400 security bypass | CVE-2023-33744
NAME__________TeleAdapt RoomCast TA2400 security bypassPlatforms Affected:TeleAdapt RoomCast TA-2400 2.00 TeleAdapt RoomCast TA-2400 3.00 TeleAdapt RoomCast TA-2400 3.1+Risk Level:5.9Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________TeleAdapt...
