Month: August 2023

CISA

CISA: CISA Releases its Cybersecurity Strategic Plan

August 13, 2023

CISA Releases its Cybersecurity Strategic Plan Today, CISA released a strategic plan to lay out how we will fulfill our...

CISA

CISA: CISA Releases Five Industrial Control Systems Advisories

August 13, 2023

CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on August 3, 2023. These...

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

August 13, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

August 13, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...

CISA

CISA: Adobe Releases Security Updates for Multiple Products

August 13, 2023

Adobe Releases Security Updates for Multiple Products Adobe has released security updates to address multiple vulnerabilities in Adobe software. An...

CISA

CISA: CISA Releases Twelve Industrial Control Systems Advisories

August 13, 2023

CISA Releases Twelve Industrial Control Systems Advisories CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These...

CISA

CISA: Fortinet Releases Security Update for FortiOS

August 13, 2023

Fortinet Releases Security Update for FortiOS Fortinet has released a security update to address a vulnerability (CVE-2023-29182) affecting FortiOS. A...

CISA

CISA: CISA Releases Two Industrial Control Systems Advisories

August 13, 2023

CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on August 8, 2023. These...

News

US-CERT Vulnerability Summary for the Week of July 31, 2023

August 12, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...

HackerOne Bug Bounty Disclosure: b-sql-injection-in-version-and-below-b-cyberinsane

August 12, 2023

Company Name: b'ImpressCMS' Company HackerOne URL: https://hackerone.com/impresscms Submitted By:b'cyberinsane'Link to Submitters Profile:https://hackerone.com/b'cyberinsane' Report Title:b'SQL Injection in version 1.4.3 and below'Report...

New Python URL Parsing Flaw Could Enable Command Execution Attacks

August 12, 2023

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain...

Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping

August 12, 2023

Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially...

Siemens JT2Go, Teamcenter Visualization and Solid Edge code execution | CVE-2023-28830

August 12, 2023

NAME__________Siemens JT2Go, Teamcenter Visualization and Solid Edge code executionPlatforms Affected:Siemens JT2Go 14.2.0.4Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Siemens JT2Go, Teamcenter Visualization and Solid...

Dell Storage Integration Tools for VMware (DSITV) information disclosure | CVE-2023-39250

August 12, 2023

NAME__________Dell Storage Integration Tools for VMware (DSITV) information disclosurePlatforms Affected:Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016Risk Level:6Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Dell...

Nextcloud Server information disclosure | CVE-2023-39958

August 12, 2023

NAME__________Nextcloud Server information disclosurePlatforms Affected:Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Enterprise Server 23.0.0 Nextcloud Nextcloud Enterprise Server 24.0.0 Nextcloud Nextcloud...

Elecom network devices OS command execution | CVE-2023-40072

August 12, 2023

NAME__________Elecom network devices OS command executionPlatforms Affected:ELECOM WAB-S600-PS ELECOM WAB-S300Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Elecom network devices could allow a remote authenticated...

Lenovo Notebook products privilege escalation | CVE-2023-34419

August 12, 2023

NAME__________Lenovo Notebook products privilege escalationPlatforms Affected:Lenovo NotebookRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Lenovo Notebook products could allow a local authenticated attacker to gain...

Nextcloud Server information disclosure | CVE-2023-39959

August 12, 2023

NAME__________Nextcloud Server information disclosurePlatforms Affected:Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Enterprise Server 25.0.0 Nextcloud Nextcloud Server 26.0.0 Nextcloud Nextcloud Enterprise...

Code-Projects Online Hospital Management System SQL injection | CVE-2023-37069

August 12, 2023

NAME__________Code-Projects Online Hospital Management System SQL injectionPlatforms Affected:Code-Projects Online Hospital Management System 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Code-Projects Online Hospital Management System...

Oduyo Online Collection Software SQL injection | CVE-2023-3716

August 12, 2023

NAME__________Oduyo Online Collection Software SQL injectionPlatforms Affected:Oduyo Online Collection Software 1.0.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Oduyo Online Collection Software is vulnerable to...

Siemens JT Open, JT Utilities code execution | CVE-2023-30796

August 12, 2023

NAME__________Siemens JT Open, JT Utilities code executionPlatforms Affected:Siemens JT Utilities Siemens Parasolid 35.0 Siemens Parasolid 34.1 Siemens Parasolid 34.0 Siemens...

Siemens JT Open, JT Utilities code execution | CVE-2023-30795

August 12, 2023

NAME__________Siemens JT Open, JT Utilities code executionPlatforms Affected:Siemens JT Utilities Siemens Parasolid 35.0 Siemens Parasolid 34.1 Siemens Parasolid 34.0 Siemens...

Nextcloud Server denial of service | CVE-2023-39962

August 12, 2023

NAME__________Nextcloud Server denial of servicePlatforms Affected:Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Enterprise Server 23.0.0 Nextcloud Nextcloud Enterprise Server 24.0.0 Nextcloud...

Apache Airflow Drill Provider information disclosure | CVE-2023-39553

August 12, 2023

NAME__________Apache Airflow Drill Provider information disclosurePlatforms Affected:Apache Airflow Drill Provider 2.4.2Risk Level:0Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apache Airflow Drill Provider could allow a...

Month: August 2023

CISA: CISA Releases its Cybersecurity Strategic Plan

CISA: CISA Releases Five Industrial Control Systems Advisories

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Adobe Releases Security Updates for Multiple Products

CISA: CISA Releases Twelve Industrial Control Systems Advisories

CISA: Fortinet Releases Security Update for FortiOS

CISA: CISA Releases Two Industrial Control Systems Advisories

US-CERT Vulnerability Summary for the Week of July 31, 2023

HackerOne Bug Bounty Disclosure: b-sql-injection-in-version-and-below-b-cyberinsane

New Python URL Parsing Flaw Could Enable Command Execution Attacks

Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping

Siemens JT2Go, Teamcenter Visualization and Solid Edge code execution | CVE-2023-28830

Dell Storage Integration Tools for VMware (DSITV) information disclosure | CVE-2023-39250

Nextcloud Server information disclosure | CVE-2023-39958

Elecom network devices OS command execution | CVE-2023-40072

Lenovo Notebook products privilege escalation | CVE-2023-34419

Nextcloud Server information disclosure | CVE-2023-39959

Code-Projects Online Hospital Management System SQL injection | CVE-2023-37069

Oduyo Online Collection Software SQL injection | CVE-2023-3716

Siemens JT Open, JT Utilities code execution | CVE-2023-30796

Siemens JT Open, JT Utilities code execution | CVE-2023-30795

Nextcloud Server denial of service | CVE-2023-39962

Apache Airflow Drill Provider information disclosure | CVE-2023-39553

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

You may have missed