New Malvertising Campaign Distributing PikaBot Disguised as Popular Software
The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate...
Month: December 2023
Are We Ready to Give Up on Security Awareness Training?
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is...
SchedMD Slurm denial of service | CVE-2023-49936
NAME__________SchedMD Slurm denial of servicePlatforms Affected:SchedMD Slurm 22.05 SchedMD Slurm 23.02Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________SchedMD Slurm is vulnerable to a...
Beckhoff authelia-bhf included in TwinCAT/BSD open redirect | CVE-2023-6545
NAME__________Beckhoff authelia-bhf included in TwinCAT/BSD open redirectPlatforms Affected:Beckhoffs authelia-bhf 4.37Risk Level:4.3Exploitability:UnprovenConsequences:Other DESCRIPTION__________Beckhoff authelia-bhf included in TwinCAT/BSD could allow a remote...
FreeBSD information disclosure | CVE-2023-6660
NAME__________FreeBSD information disclosurePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________FreeBSD could allow a remote attacker to obtain sensitive information, caused by a flaw...
SchedMD Slurm SQL injection | CVE-2023-49934
NAME__________SchedMD Slurm SQL injectionPlatforms Affected:SchedMD Slurm 22.05 SchedMD Slurm 23.02Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________SchedMD Slurm is vulnerable to SQL injection. A...
IBM Cloud Pak for Business Automation information disclosure | CVE-2023-40691
NAME__________IBM Cloud Pak for Business Automation information disclosurePlatforms Affected:IBM Cloud Pak for Business Automation 18.0.0 IBM Cloud Pak for Business...
PRIMX CRYHOD security bypass | CVE-2023-50443
NAME__________PRIMX CRYHOD security bypassPlatforms Affected:PRIMX CRYHOD Q.2020.3Risk Level:4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________PRIMX CRYHOD could allow a physically proximate authenticated attacker to bypass...
SchedMD Slurm security bypass | CVE-2023-49935
NAME__________SchedMD Slurm security bypassPlatforms Affected:SchedMD Slurm 22.05 SchedMD Slurm 23.02Risk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________SchedMD Slurm could allow a remote authenticated attacker...
PRIMX products open redirect | CVE-2023-50440
NAME__________PRIMX products open redirectPlatforms Affected:PRIMX ZED! Q.2020.2 PRIMX ZED! Q.2021.1 PRIMX ZONECENTRAL Q.2021.1 PRIMX ZONECENTRAL 2023.4 PRIMX ZEDMAIL 2023.4 PRIMX...
SchedMD Slurm security bypass | CVE-2023-49933
NAME__________SchedMD Slurm security bypassPlatforms Affected:SchedMD Slurm 22.05 SchedMD Slurm 23.02Risk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________SchedMD Slurm could allow a remote authenticated attacker...
IBM UrbanCode Deploy HTML injection | CVE-2023-42015
NAME__________IBM UrbanCode Deploy HTML injectionPlatforms Affected:IBM UrbanCode Deploy 7.1 IBM UrbanCode Deploy 7.2 IBM UrbanCode Deploy 7.3 IBM UrbanCode Deploy...
PRIMX products information disclosure | CVE-2023-50439
NAME__________PRIMX products information disclosurePlatforms Affected:PRIMX ZED! Q.2020.2 PRIMX ZED! Q.2021.1 PRIMX ZONECENTRAL Q.2021.1 PRIMX ZONECENTRAL 2023.4 PRIMX ZEDMAIL 2023.4 PRIMX...
PRIMX ZONECENTRAL security bypass | CVE-2023-50442
NAME__________PRIMX ZONECENTRAL security bypassPlatforms Affected:PRIMX ZONECENTRAL 2023.4Risk Level:5.7Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________PRIMX ZONECENTRAL could allow a local authenticated attacker to bypass security...
PRIMX ZONECENTRAL security bypass | CVE-2023-50441
NAME__________PRIMX ZONECENTRAL security bypassPlatforms Affected:PRIMX ZONECENTRAL Q.2021.1 PRIMX ZONECENTRAL 2023.4Risk Level:4.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________PRIMX ZONECENTRAL could allow a remote authenticated attacker...
Apache StreamPark (incubating) SQL injection | CVE-2023-30867
NAME__________Apache StreamPark (incubating) SQL injectionPlatforms Affected:Apache StreamPark (incubating) 2.0.0 Apache StreamPark (incubating) 2.1.1Risk Level:5.4Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Apache StreamPark (incubating) is vulnerable...
Siemens SCALANCE M-800/S615 Family command execution | CVE-2023-49692
NAME__________Siemens SCALANCE M-800/S615 Family command executionPlatforms Affected:Siemens SCALANCE M800/S615 Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108- 4AM00-2BA2) Siemens RUGGEDCOM RM1224 LTE(4G)...
RTPEngine denial of service |
NAME__________RTPEngine denial of servicePlatforms Affected:RTPEngine RTPEngine mr11.5.1.6Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________RTPEngine is vulnerable to a denial of service, caused by...
Dashboard Widgets Suite Plugin for WordPress cross-site scripting | CVE-2023-49743
NAME__________Dashboard Widgets Suite Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Dashboard Widgets Suite plugin for WordPress 3.4.1Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Dashboard Widgets...
JFinalcms carousel image cross-site scripting | CVE-2023-50100
NAME__________JFinalcms carousel image cross-site scriptingPlatforms Affected:jflyfox Jfinal CMS 5.0.0Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________JFinalcms is vulnerable to cross-site scripting, caused by improper...
Siemens SIMATIC CP, SINAMICS, SIPLUS NET CP denial of service | CVE-2023-38380
NAME__________Siemens SIMATIC CP, SINAMICS, SIPLUS NET CP denial of servicePlatforms Affected:Siemens SIPLUS NET CP 1543-1 (6AG1543-1AX00- 2XE0) Siemens SIMATIC CP...
Jfinal CMS site management office cross-site scripting |
NAME__________Jfinal CMS site management office cross-site scriptingPlatforms Affected:jflyfox Jfinal CMS 5.0.0Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Jfinal CMS is vulnerable to cross-site scripting,...
Siemens SCALANCE M-800/S615 Family command execution | CVE-2023-49691
NAME__________Siemens SCALANCE M-800/S615 Family command executionPlatforms Affected:Siemens SCALANCE M800/S615 Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108- 4AM00-2BA2) Siemens RUGGEDCOM RM1224 LTE(4G)...
Spiffy Calendar Plugin for WordPress cross-site scripting | CVE-2023-49745
NAME__________Spiffy Calendar Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Spiffy Calendar Plugin for WordPress 4.9.5Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Spiffy Calendar Plugin for...
