CISA: CISA Releases First Secure by Design Alert
CISA Releases First Secure by Design Alert Today, CISA published guidance on How Software Manufacturers Can Shield Web Management Interfaces...
Month: December 2023
CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on November 28, 2023. These...
CISA: Exploitation of Unitronics PLCs used in Water and Wastewater Systems
Exploitation of Unitronics PLCs used in Water and Wastewater Systems CISA is responding to active exploitation(link is external) of Unitronics...
CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on November 30, 2023. These...
Absis cross-site scripting | CVE-2023-49029
NAME__________Absis cross-site scriptingPlatforms Affected:absis absis 2017-10-19Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Absis is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Klive SQL injection | CVE-2023-49030
NAME__________Klive SQL injectionPlatforms Affected:32ns klive 2019-1-19Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Klive is vulnerable to SQL injection. A remote attacker could send specially...
Zyxel ATP and USG FLEX series devices denial of service | CVE-2023-37926
NAME__________Zyxel ATP and USG FLEX series devices denial of servicePlatforms Affected:Zyxel ATP series 5.10 Zyxel ATP series 5.37 Zyxel USG...
aio-libs aiohttp CRLF injection | CVE-2023-49081
NAME__________aio-libs aiohttp CRLF injectionPlatforms Affected:aio-libs aiohttp 3.8.6Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________aio-libs aiohttp is vulnerable to CRLF injection, caused by improper input...
CarrierWave cross-site scripting | CVE-2023-49090
NAME__________CarrierWave cross-site scriptingPlatforms Affected:CarrierWave CarrierWave 2.2.4 CarrierWave CarrierWave 3.0.4Risk Level:6.8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________CarrierWave is vulnerable to cross-site scripting, caused by improper...
Zyxel ATP and USG FLEX series devices information disclosure | CVE-2023-35136
NAME__________Zyxel ATP and USG FLEX series devices information disclosurePlatforms Affected:Zyxel ATP series 5.10 Zyxel ATP series 5.37 Zyxel USG FLEX...
Oro OroCalendarBundle information disclosure | CVE-2023-32063
NAME__________Oro OroCalendarBundle information disclosurePlatforms Affected:Oro OroCalendarBundle 4.2.0 Oro OroCalendarBundle 4.2.5Risk Level:5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Oro OroCalendarBundle could allow a remote authenticated attacker...
Oro OroCommerce information disclosure | CVE-2023-32065
NAME__________Oro OroCommerce information disclosurePlatforms Affected:OroCommerce OroCommerce 4.1.0 OroCommerce OroCommerce 4.2.0 OroCommerce OroCommerce 5.0.0 OroCommerce OroCommerce 4.1.13 OroCommerce OroCommerce 4.2.10 OroCommerce...
Oro OroCommerce information disclosure | CVE-2023-32064
NAME__________Oro OroCommerce information disclosurePlatforms Affected:OroCommerce OroCommerce 4.1.0 OroCommerce OroCommerce 4.2.0 OroCommerce OroCommerce 5.0.0 OroCommerce OroCommerce 4.1.13 OroCommerce OroCommerce 4.2.10 OroCommerce...
Oro OroPlatform information disclosure | CVE-2023-32062
NAME__________Oro OroPlatform information disclosurePlatforms Affected:Oro OroPlatform 4.2.0 Oro OroPlatform 4.1.0 Oro OroPlatform 3.1.0Risk Level:5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Oro OroPlatform could allow a...
Absis cross-site scripting | CVE-2023-49028
NAME__________Absis cross-site scriptingPlatforms Affected:absis absis 2017-10-19Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Absis is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
aio-libs aiohttp CRLF injection | CVE-2023-49082
NAME__________aio-libs aiohttp CRLF injectionPlatforms Affected:aio-libs aiohttp 3.8.6Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________aio-libs aiohttp is vulnerable to CRLF injection, caused by improper input...
GitLab Community and Enterprise Edition security bypass | CVE-2023-3964
NAME__________GitLab Community and Enterprise Edition security bypassPlatforms Affected:GitLab Enterprise Edition 16.4.0 GitLab Enterprise Edition 16.5.0 GitLab Community Edition 16.5.0 GitLab...
Zyxel ATP and USG FLEX series devices cross-site scripting | CVE-2023-35139
NAME__________Zyxel ATP and USG FLEX series devices cross-site scriptingPlatforms Affected:Zyxel ATP series 5.10 Zyxel ATP series 5.37 Zyxel USG FLEX...
Apache Cocoon SQL injection | CVE-2022-45135
NAME__________Apache Cocoon SQL injectionPlatforms Affected:Apache Cocoon 2.2Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________is vulnerable to SQL injection. A remote attacker could send specially-crafted...
Xsendfile module for Drupal security bypass |
NAME__________Xsendfile module for Drupal security bypassPlatforms Affected:Drupal Xsendfile module for Drupal 8.x-1.1Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Xsendfile module for Drupal could allow...
Apache Cocoon information disclosure | CVE-2023-49733
NAME__________Apache Cocoon information disclosurePlatforms Affected:Apache Cocoon 2.2Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apache Cocoon could allow a remote attacker to obtain sensitive information,...
GitLab Community and Enterprise Edition security bypass | CVE-2023-3443
NAME__________GitLab Community and Enterprise Edition security bypassPlatforms Affected:GitLab Enterprise Edition 16.4.0 GitLab Enterprise Edition 16.5.0 GitLab Community Edition 16.5.0 GitLab...
Zyxel ATP and USG FLEX series devices information disclosure | CVE-2023-37925
NAME__________Zyxel ATP and USG FLEX series devices information disclosurePlatforms Affected:Zyxel ATP series 5.10 Zyxel ATP series 5.37 Zyxel USG FLEX...
Apache Tiles directory traversal | CVE-2023-49735
NAME__________Apache Tiles directory traversalPlatforms Affected:Apache Tiles 2.0.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apache Tiles could allow a remote attacker to traverse directories on...
