Month: August 2023

Jenkins Tuleap Authentication Plugin information disclosure | CVE-2023-40343

August 17, 2023

NAME__________Jenkins Tuleap Authentication Plugin information disclosurePlatforms Affected:Jenkins Tuleap Authentication Plugin 1.1.20Risk Level:3.7Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Tuleap Authentication Plugin could allow a...

Cisco Intersight Virtual Appliance security bypass | CVE-2023-20221

August 17, 2023

NAME__________Cisco Intersight Virtual Appliance security bypassPlatforms Affected:Cisco Intersight Virtual ApplianceRisk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Cisco Intersight Virtual Appliance could allow a remote...

Jenkins Fortify Plugin cross-site request forgery | CVE-2023-4301

August 17, 2023

NAME__________Jenkins Fortify Plugin cross-site request forgeryPlatforms Affected:Jenkins Fortify Plugin 22.1.38Risk Level:3.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Fortify Plugin is vulnerable to cross-site request...

Cisco Unified Contact Center Express spoofing | CVE-2023-20232

August 17, 2023

NAME__________Cisco Unified Contact Center Express spoofingPlatforms Affected:Cisco Unified Contact Center ExpressRisk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Cisco Unified Contact Center Express could allow...

Jenkins Fortify Plugin security bypass | CVE-2023-4302

August 17, 2023

NAME__________Jenkins Fortify Plugin security bypassPlatforms Affected:Jenkins Fortify Plugin 22.1.38Risk Level:4.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Fortify Plugin could allow a remote authenticated attacker...

Jenkins Fortify Plugin HTML injection | CVE-2023-4303

August 17, 2023

NAME__________Jenkins Fortify Plugin HTML injectionPlatforms Affected:Jenkins Fortify Plugin 22.1.38Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Fortify Plugin is vulnerable to HTML injection. A...

Cisco ClamAV denial of service | CVE-2023-20197

August 17, 2023

NAME__________Cisco ClamAV denial of servicePlatforms Affected:ClamAV ClamAVRisk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Cisco ClamAV is vulnerable to a denial of service, caused...

Jenkins Folders Plugin information disclosure | CVE-2023-40338

August 17, 2023

NAME__________Jenkins Folders Plugin information disclosurePlatforms Affected:Jenkins Folders Plugin 6.846.v23698686f0f6Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Folders Plugin could allow a remote authenticated attacker...

Google ChromeOS security bypass | CVE-2023-4369

August 17, 2023

NAME__________Google ChromeOS security bypassPlatforms Affected:Google ChromeOS 116.0Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Google ChromeOS could allow a remote attacker to bypass security restrictions,...

Cisco Duo Device Health Application for Windows directory traversal | CVE-2023-20229

August 17, 2023

NAME__________Cisco Duo Device Health Application for Windows directory traversalPlatforms Affected:Cisco Duo Device Health Application for WindowsRisk Level:7.1Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Cisco Duo...

Jenkins Delphix Plugin information disclosure | CVE-2023-40344

August 17, 2023

NAME__________Jenkins Delphix Plugin information disclosurePlatforms Affected:Jenkins Delphix Plugin 3.0.2Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Delphix Plugin could allow a remote authenticated attacker...

Cisco ThousandEyes Enterprise Agent Virtual Appliance privilege escalation | CVE-2023-20224

August 17, 2023

NAME__________Cisco ThousandEyes Enterprise Agent Virtual Appliance privilege escalationPlatforms Affected:Cisco ThousandEyes Enterprise AgentRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Cisco ThousandEyes Enterprise Agent Virtual Appliance...

Cisco Prime Infrastructure and Evolved Programmable Network Manager cross-site scripting | CVE-2023-20201

August 17, 2023

NAME__________Cisco Prime Infrastructure and Evolved Programmable Network Manager cross-site scriptingPlatforms Affected:Cisco Prime Infrastructure Cisco Evolved Programmable Network ManagerRisk Level:4.8Exploitability:HighConsequences:Cross-Site Scripting...

Jenkins NodeJS Plugin information disclosure | CVE-2023-40340

August 17, 2023

NAME__________Jenkins NodeJS Plugin information disclosurePlatforms Affected:Jenkins NodeJS Plugin 1.6.0Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins NodeJS Plugin could allow a remote authenticated attacker...

Parsec Loader privilege escalation | US-CERT VU#287122

August 17, 2023

NAME__________Parsec Loader privilege escalationPlatforms Affected:Parsec Parsec Loader 7Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Parsec Loader could allow a local authenticated attacker to gain...

Cisco Integrated Management Controller cross-site scripting | CVE-2023-20228

August 17, 2023

NAME__________Cisco Integrated Management Controller cross-site scriptingPlatforms Affected:Cisco 5000 Series Enterprise Network Compute System Cisco UCS C-Series M5 Rack Servers Cisco...

Cisco Intersight Private Virtual Appliance command execution | CVE-2023-20013

August 17, 2023

NAME__________Cisco Intersight Private Virtual Appliance command executionPlatforms Affected:Cisco Intersight Private Virtual ApplianceRisk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Cisco Intersight Private Virtual Appliance could...

Cisco Prime Infrastructure and Evolved Programmable Network Manager cross-site scripting | CVE-2023-20205

August 17, 2023

Cisco ThousandEyes Enterprise Agent privilege escalation | CVE-2023-20217

August 17, 2023

NAME__________Cisco ThousandEyes Enterprise Agent privilege escalationPlatforms Affected:Cisco ThousandEyes Enterprise AgentRisk Level:5.5Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Cisco ThousandEyes Enterprise Agent could allow a local...

Cisco Prime Infrastructure and Evolved Programmable Network Manager cross-site scripting | CVE-2023-20203

August 17, 2023

Cisco Identity Services Engine information disclosure | CVE-2023-20111

August 17, 2023

NAME__________Cisco Identity Services Engine information disclosurePlatforms Affected:Cisco Identity Services EngineRisk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Cisco Identity Services Engine could allow a remote...

Jenkins Config File Provider Plugin information disclosure | CVE-2023-40339

August 17, 2023

NAME__________Jenkins Config File Provider Plugin information disclosurePlatforms Affected:Jenkins Config File Provider Plugin 952.va_544a_6234b_46Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Folders Config File Provider...

Cisco Expressway Series and TelePresence Video Communication Server command execution | CVE-2023-20209

August 17, 2023

NAME__________Cisco Expressway Series and TelePresence Video Communication Server command executionPlatforms Affected:Cisco Telepresence Video Communication Server Cisco Expressway SeriesRisk Level:6.5Exploitability:UnprovenConsequences:Gain Access...

Jenkins Folders Plugin cross-site request forgery | CVE-2023-40337

August 17, 2023

NAME__________Jenkins Folders Plugin cross-site request forgeryPlatforms Affected:Jenkins Folders Plugin 6.846.v23698686f0f6Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Folders Plugin is vulnerable to cross-site request...

Month: August 2023

Jenkins Tuleap Authentication Plugin information disclosure | CVE-2023-40343

Cisco Intersight Virtual Appliance security bypass | CVE-2023-20221

Jenkins Fortify Plugin cross-site request forgery | CVE-2023-4301

Cisco Unified Contact Center Express spoofing | CVE-2023-20232

Jenkins Fortify Plugin security bypass | CVE-2023-4302

Jenkins Fortify Plugin HTML injection | CVE-2023-4303

Cisco ClamAV denial of service | CVE-2023-20197

Jenkins Folders Plugin information disclosure | CVE-2023-40338

Google ChromeOS security bypass | CVE-2023-4369

Cisco Duo Device Health Application for Windows directory traversal | CVE-2023-20229

Jenkins Delphix Plugin information disclosure | CVE-2023-40344

Cisco ThousandEyes Enterprise Agent Virtual Appliance privilege escalation | CVE-2023-20224

Cisco Prime Infrastructure and Evolved Programmable Network Manager cross-site scripting | CVE-2023-20201

Jenkins NodeJS Plugin information disclosure | CVE-2023-40340

Parsec Loader privilege escalation | US-CERT VU#287122

Cisco Integrated Management Controller cross-site scripting | CVE-2023-20228

Cisco Intersight Private Virtual Appliance command execution | CVE-2023-20013

Cisco Prime Infrastructure and Evolved Programmable Network Manager cross-site scripting | CVE-2023-20205

Cisco ThousandEyes Enterprise Agent privilege escalation | CVE-2023-20217

Cisco Prime Infrastructure and Evolved Programmable Network Manager cross-site scripting | CVE-2023-20203

Cisco Identity Services Engine information disclosure | CVE-2023-20111

Jenkins Config File Provider Plugin information disclosure | CVE-2023-40339

Cisco Expressway Series and TelePresence Video Communication Server command execution | CVE-2023-20209

Jenkins Folders Plugin cross-site request forgery | CVE-2023-40337

[INCRANSOM] – Ransomware Victim: Alna-Bioscience

Cobalt Strike Beacon Detected – 52[.]231[.]10[.]139:8080

Cobalt Strike Beacon Detected – 54[.]224[.]145[.]120:443

Cobalt Strike Beacon Detected – 118[.]193[.]37[.]157:8889

Cobalt Strike Beacon Detected – 103[.]225[.]196[.]197:80

You may have missed