Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware
The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a...
Month: October 2023
The Danger of Forgotten Pixels on Websites: A New Case Study
While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and...
Critical Flaw in NextGen’s Mirth Connect Could Expose Healthcare Data
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest...
Aruba Networks ClearPass Policy Manager SQL injection | CVE-2023-43507
NAME__________Aruba Networks ClearPass Policy Manager SQL injectionPlatforms Affected:Risk Level:7.2Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Aruba Networks ClearPass Policy Manager is vulnerable to SQL injection....
Aruba Networks ClearPass Policy Manager open redirect | CVE-2023-43509
NAME__________Aruba Networks ClearPass Policy Manager open redirectPlatforms Affected:Risk Level:5.8Exploitability:UnprovenConsequences:Other DESCRIPTION__________Aruba Networks ClearPass Policy Manager could allow a remote attacker to...
Aruba Networks ClearPass Policy Manager command execution | CVE-2023-43510
NAME__________Aruba Networks ClearPass Policy Manager command executionPlatforms Affected:Risk Level:4.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Aruba Networks ClearPass Policy Manager could allow a remote authenticated...
Aruba Networks ClearPass Policy Manager privilege escalation | CVE-2023-43506
NAME__________Aruba Networks ClearPass Policy Manager privilege escalationPlatforms Affected:Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Aruba Networks ClearPass Policy Manager could allow a local authenticated...
Aruba Networks ClearPass Policy Manager privilege escalation | CVE-2023-43508
NAME__________Aruba Networks ClearPass Policy Manager privilege escalationPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Aruba Networks ClearPass Policy Manager could allow a remote authenticated...
Apple macOS Sonoma spoofing | CVE-2023-42438
NAME__________Apple macOS Sonoma spoofingPlatforms Affected:Apple macOS Sonoma 14.0Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Sonoma could allow a remote attacker to conduct...
Auto Amazon Links Plugin for WordPress cross-site scripting | CVE-2023-4482
NAME__________Auto Amazon Links Plugin for WordPress cross-site scriptingPlatforms Affected:Zenario ZenarioCMS 9.4.59197Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Auto Amazon Links Plugin for WordPress is...
Apple macOS Monterey privilege escalation | CVE-2023-40423
NAME__________Apple macOS Monterey privilege escalationPlatforms Affected:Apple macOS Monterey 12.7.0Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Apple macOS Monterey could allow a local attacker to...
Apple macOS Sonoma information disclosure | CVE-2023-40405
NAME__________Apple macOS Sonoma information disclosurePlatforms Affected:Apple macOS Sonoma 14.0Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Sonoma could allow a local attacker to...
Apple macOS Monterey code execution | CVE-2023-42856
NAME__________Apple macOS Monterey code executionPlatforms Affected:Apple macOS Monterey 12.7.0Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apple macOS Monterey could allow a remote attacker to...
X.Org X Server code execution | CVE-2023-5367
NAME__________X.Org X Server code executionPlatforms Affected:X.Org X Server 1.4.0 X.Org X Server 1.7.0Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________X.Org X Server could allow...
EventPrime Plugin for WordPress cross-site scripting | CVE-2023-45637
NAME__________EventPrime Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress EventPrime Plugin for WordPress 3.1.5Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________EventPrime Plugin for WordPress is vulnerable...
Apple macOS Ventura security bypass | CVE-2023-40401
NAME__________Apple macOS Ventura security bypassPlatforms Affected:Apple macOS Ventura 13.6.0Risk Level:5.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apple macOS Ventura could allow a local attacker to...
Apple macOS Ventura information disclosure | CVE-2023-41077
NAME__________Apple macOS Ventura information disclosurePlatforms Affected:Apple macOS Ventura 13.6.0Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Ventura could allow a local attacker to...
Apple watchOS information disclosure | CVE-2023-41988
NAME__________Apple watchOS information disclosurePlatforms Affected:Apple watchOS 10.0.0Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple watchOS could allow a local attacker to obtain sensitive information,...
Apple macOS Monterey information disclosure | CVE-2023-40421
NAME__________Apple macOS Monterey information disclosurePlatforms Affected:Apple macOS Monterey 12.7.0Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Monterey could allow a local attacker to...
Apple macOS Sonoma security bypass | CVE-2023-42861
NAME__________Apple macOS Sonoma security bypassPlatforms Affected:Apple macOS Sonoma 14.0Risk Level:5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apple macOS Sonoma could allow a local authenticated attacker...
Jenkins MSTeams Webhook Trigger Plugin information disclosure | CVE-2023-46658
NAME__________Jenkins MSTeams Webhook Trigger Plugin information disclosurePlatforms Affected:Jenkins MSTeams Webhook Trigger Plugin 0.1.1Risk Level:3.7Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins MSTeams Webhook Trigger Plugin...
Apple macOS Monterey information disclosure | CVE-2023-40416
NAME__________Apple macOS Monterey information disclosurePlatforms Affected:Apple macOS Monterey 12.7.0Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Monterey could allow a remote attacker to...
Apple watchOS security bypass | CVE-2023-40408
NAME__________Apple watchOS security bypassPlatforms Affected:Apple watchOS 10.0.0Risk Level:5.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apple watchOS could allow a local attacker to bypass security restrictions,...
Apple Safari denial of service | CVE-2023-41983
NAME__________Apple Safari denial of servicePlatforms Affected:Apple Safari 17.0Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Apple Safari is vulnerable to a denial of service,...
