WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors...
Month: December 2023
Ransomware-as-a-Service: The Growing Threat You Can’t Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of...
Arista MOS information disclosure | CVE-2023-24547
NAME__________Arista MOS information disclosurePlatforms Affected:Arista MOS 0.13.0Risk Level:5.9Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Arista MOS could allow a remote authenticated attacker to obtain sensitive...
TETRA TA61 information disclosure | CVE-2022-24403
NAME__________TETRA TA61 information disclosurePlatforms Affected:TETRA TA61Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________TETRA TA61 could allow a remote attacker within the local network to...
Appointment Scheduler denial of service | CVE-2023-48840
NAME__________Appointment Scheduler denial of servicePlatforms Affected:PHPJabbers Appointment Scheduler 3.0Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________Appointment Scheduler is vulnerable to a...
Appointment Scheduler cross-site scripting | CVE-2023-48839
NAME__________Appointment Scheduler cross-site scriptingPlatforms Affected:PHPJabbers Appointment Scheduler 3.0Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Appointment Scheduler is vulnerable to cross-site scripting, caused by improper...
Appointment Scheduler HTML injection | CVE-2023-48838
NAME__________Appointment Scheduler HTML injectionPlatforms Affected:PHPJabbers Appointment Scheduler 3.0Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Appointment Scheduler is vulnerable to HTML injection. A remote authenticated...
Appointment Scheduler code execution | CVE-2023-48841
NAME__________Appointment Scheduler code executionPlatforms Affected:PHPJabbers Appointment Scheduler 3.0Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Appointment Scheduler could allow a remote authenticated attacker to execute...
Huawei HarmonyOS denial of service | CVE-2023-6273
NAME__________Huawei HarmonyOS denial of servicePlatforms Affected:Huawei HarmonyOS 2.0.0 Huawei HarmonyOS 2.1.0 Huawei HarmonyOS 3.0.0 Huawei HarmonyOS 3.1.0 Huawei HarmonyOS 4.0.0Risk...
Insyde InsydeH2O denial of service | US-CERT VU#811862
NAME__________Insyde InsydeH2O denial of servicePlatforms Affected:Insyde InsydeH2O 5.2 Insyde InsydeH2O 5.3 Insyde InsydeH2O 5.4 Insyde InsydeH2O 5.5 Insyde InsydeH2O 5.6Risk...
System Dashboard plugin for WordPress information disclosure | CVE-2023-5710
NAME__________System Dashboard plugin for WordPress information disclosurePlatforms Affected:WordPress System Dashboard plugin for WordPress 2.8.7 WordPress System Dashboard plugin for WordPress...
HCL Connections cross-site scripting | CVE-2023-28017
NAME__________HCL Connections cross-site scriptingPlatforms Affected:HCL Connections 6.5 HCL Connections 6.0 HCL Connections 8.0 HCL Connections 7.0Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________HCL Connections...
Elastic Elasticsearch-Hadoop code execution | CVE-2023-46674
NAME__________Elastic Elasticsearch-Hadoop code executionPlatforms Affected:Elastic Elasticsearch-Hadoop 7.17 Elastic Elasticsearch-Hadoop 8.0.0Risk Level:6Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Elastic Elasticsearch-Hadoop could allow a local authenticated attacker...
Phoenix Technologies Phoenix SecureCore code execution | US-CERT VU#811862
NAME__________Phoenix Technologies Phoenix SecureCore code executionPlatforms Affected:Phoenix Technologies Phoenix SecureCoreRisk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Phoenix Technologies Phoenix SecureCore could allow a local...
Artifex Ghostscript denial of service | CVE-2023-46751
NAME__________Artifex Ghostscript denial of servicePlatforms Affected:Artifex Ghostscript 10.02.0Risk Level:5.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Artifex Ghostscript is vulnerable to a denial of service,...
AMI AptioV code execution | US-CERT VU#811862
NAME__________AMI AptioV code executionPlatforms Affected:AMI Aptio VRisk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AMI AptioV could allow a local authenticated attacker to execute arbitrary...
Devolutions Remote Desktop Manager code execution | CVE-2023-6288
NAME__________Devolutions Remote Desktop Manager code executionPlatforms Affected:Devolutions Remote Desktop Manager 2023.3.9.3Risk Level:3.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Devolutions Remote Desktop Manager could allow a...
PubNub weak security | CVE-2023-26154
NAME__________PubNub weak securityPlatforms Affected:PubNub PubNub 7.4.0 PubNub PubNub 6.19.0 PubNub PubNub 7.2.0 PubNub PubNub 7.3.0 PubNub PubNub 6.1.0 PubNub PubNub...
AMI Aptio V code execution | US-CERT VU#811862
NAME__________AMI Aptio V code executionPlatforms Affected:AMI Aptio VRisk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AMI Aptio V could allow a local authenticated attacker to...
System Dashboard plugin for WordPress information disclosure | CVE-2023-5712
NAME__________System Dashboard plugin for WordPress information disclosurePlatforms Affected:WordPress System Dashboard plugin for WordPress 2.8.7 WordPress System Dashboard plugin for WordPress...
Quarkus information disclosure | CVE-2023-6393
NAME__________Quarkus information disclosurePlatforms Affected:QuarkusIO Quarkus 3.5.1 QuarkusIO Quarkus 3.2.8.Final QuarkusIO Quarkus 3.5.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Quarkus could allow a remote authenticated...
Jellyfin weak security | CVE-2023-49096
NAME__________Jellyfin weak securityPlatforms Affected:Jellyfin Jellyfin 10.8.12Risk Level:7.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jellyfin could provide weaker than expected security, caused by an argument injection...
System Dashboard plugin for WordPress information disclosure | CVE-2023-5714
NAME__________System Dashboard plugin for WordPress information disclosurePlatforms Affected:WordPress System Dashboard plugin for WordPress 2.8.7 WordPress System Dashboard plugin for WordPress...
ControlByWeb Relays cross-site scripting | CVE-2023-6333
NAME__________ControlByWeb Relays cross-site scriptingPlatforms Affected:ControlByWeb X-332-24I 1.06 ControlByWeb X-301-I 1.15 ControlByWeb X-301-24I 1.15Risk Level:7.5Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________ControlByWeb Relays is vulnerable to...
