North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software...
Month: September 2023
Protecting Your Microsoft IIS Servers Against Malware Attacks
Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS...
Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have...
CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in...
Simple Membership plugin for WordPress cross-site scripting | CVE-2023-4719
NAME__________Simple Membership plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Simple Membership plugin for WordPress 3.2.8 WordPress Simple Membership Plugin for WordPress...
Cacti cross-site scripting | CVE-2023-39360
NAME__________Cacti cross-site scriptingPlatforms Affected:Cacti Cacti 1.2.24Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Cacti is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Apple watchOS information disclosure | CVE-2023-34352
NAME__________Apple watchOS information disclosurePlatforms Affected:Apple watchOS 9.4Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple watchOS could allow a remote attacker to obtain sensitive information,...
Samsung Android information disclosure | CVE-2023-30719
NAME__________Samsung Android information disclosurePlatforms Affected:Samsung AndroidRisk Level:4Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Samsung Android could allow a local attacker to obtain sensitive information, caused...
Cacti command execution | CVE-2023-39362
NAME__________Cacti command executionPlatforms Affected:Cacti Cacti 1.2.24Risk Level:7.2Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Cacti could allow a remote authenticated attacker to execute arbitrary commands on...
Cacti cross-site scripting | CVE-2023-39510
NAME__________Cacti cross-site scriptingPlatforms Affected:Cacti Cacti 1.2.24Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Cacti is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Jenkins Job Configuration History Plugin directory traversal | CVE-2023-41932
NAME__________Jenkins Job Configuration History Plugin directory traversalPlatforms Affected:Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01fRisk Level:7.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Job Configuration History Plugin...
Cacti open redirect | CVE-2023-39364
NAME__________Cacti open redirectPlatforms Affected:Cacti Cacti 1.2.24Risk Level:4.3Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Cacti could allow a remote attacker to conduct phishing attacks, caused by...
Apple macOS Ventura information disclosure | CVE-2023-38605
NAME__________Apple macOS Ventura information disclosurePlatforms Affected:Apple macOS Ventura 13.4Risk Level:3.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Ventura could allow a remote attacker to...
Jenkins Assembla Auth Plugin security bypass | CVE-2023-41945
NAME__________Jenkins Assembla Auth Plugin security bypassPlatforms Affected:Jenkins Assembla Auth Plugin 1.14Risk Level:6.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Jenkins Assembla Auth Plugin could allow a...
Jenkins Job Configuration History Plugin directory traversal | CVE-2023-41933
NAME__________Jenkins Job Configuration History Plugin directory traversalPlatforms Affected:Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01fRisk Level:7.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Job Configuration History Plugin...
Jenkins AWS CodeCommit Trigger Plugin information disclosure | CVE-2023-41941
NAME__________Jenkins AWS CodeCommit Trigger Plugin information disclosurePlatforms Affected:Jenkins AWS CodeCommit Trigger Plugin 3.0.12Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins AWS CodeCommit Trigger Plugin...
Jenkins Pipeline Maven Integration Plugin information disclosure | CVE-2023-41934
NAME__________Jenkins Pipeline Maven Integration Plugin information disclosurePlatforms Affected:Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Pipeline Maven Integration Plugin...
FreeBSD header injection | CVE-2023-4809
NAME__________FreeBSD header injectionPlatforms Affected:FreeBSD FreeBSD 12.0 FreeBSD FreeBSD 13.0 FreeBSD FreeBSD 13.2 FreeBSD FreeBSD 12.4Risk Level:6.5Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________FreeBSD is vulnerable...
Jenkins AWS CodeCommit Trigger Plugin HTML injection | CVE-2023-41944
NAME__________Jenkins AWS CodeCommit Trigger Plugin HTML injectionPlatforms Affected:Jenkins AWS CodeCommit Trigger Plugin 3.0.12Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins AWS CodeCommit Trigger Plugin...
direct Desktop App for macOS security bypass | CVE-2023-41775
NAME__________direct Desktop App for macOS security bypassPlatforms Affected:L is B Corp direct Desktop App for macOS 2.6.0Risk Level:4.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________direct...
Tenda N300 Wireless N VDSL2 Modem Router information disclosure | US-CERT VU#304455
NAME__________Tenda N300 Wireless N VDSL2 Modem Router information disclosurePlatforms Affected:Tenda N300 Wireless N VDSL2 Modem RouterRisk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Tenda N300...
User Submitted Posts plugin for WordPress cross-site scripting | CVE-2023-4779
NAME__________User Submitted Posts plugin for WordPress cross-site scriptingPlatforms Affected:Jeff Starr User Submitted Posts plugin for WordPress 20230811Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________User...
Jenkins Frugal Testing Plugin security bypass | CVE-2023-41947
NAME__________Jenkins Frugal Testing Plugin security bypassPlatforms Affected:Jenkins Frugal Testing Plugin 1.1Risk Level:5.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Jenkins Frugal Testing Plugin could allow a...
Jenkins Frugal Testing Plugin cross-site request forgery | CVE-2023-41946
NAME__________Jenkins Frugal Testing Plugin cross-site request forgeryPlatforms Affected:Jenkins Frugal Testing Plugin 1.1Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Frugal Testing Plugin is vulnerable...
