CISA: CISA Releases Twelve Industrial Control Systems Advisories
CISA Releases Twelve Industrial Control Systems Advisories CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These...
Year: 2023
CISA: Fortinet Releases Security Update for FortiOS
Fortinet Releases Security Update for FortiOS Fortinet has released a security update to address a vulnerability (CVE-2023-29182) affecting FortiOS. A...
CISA: CISA Releases Two Industrial Control Systems Advisories
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on August 8, 2023. These...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
HackerOne Bug Bounty Disclosure: b-sql-injection-in-version-and-below-b-cyberinsane
Company Name: b'ImpressCMS' Company HackerOne URL: https://hackerone.com/impresscms Submitted By:b'cyberinsane'Link to Submitters Profile:https://hackerone.com/b'cyberinsane' Report Title:b'SQL Injection in version 1.4.3 and below'Report...
New Python URL Parsing Flaw Could Enable Command Execution Attacks
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain...
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially...
Siemens JT2Go, Teamcenter Visualization and Solid Edge code execution | CVE-2023-28830
NAME__________Siemens JT2Go, Teamcenter Visualization and Solid Edge code executionPlatforms Affected:Siemens JT2Go 14.2.0.4Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Siemens JT2Go, Teamcenter Visualization and Solid...
Dell Storage Integration Tools for VMware (DSITV) information disclosure | CVE-2023-39250
NAME__________Dell Storage Integration Tools for VMware (DSITV) information disclosurePlatforms Affected:Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016Risk Level:6Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Dell...
Nextcloud Server information disclosure | CVE-2023-39958
NAME__________Nextcloud Server information disclosurePlatforms Affected:Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Enterprise Server 23.0.0 Nextcloud Nextcloud Enterprise Server 24.0.0 Nextcloud Nextcloud...
Elecom network devices OS command execution | CVE-2023-40072
NAME__________Elecom network devices OS command executionPlatforms Affected:ELECOM WAB-S600-PS ELECOM WAB-S300Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Elecom network devices could allow a remote authenticated...
Lenovo Notebook products privilege escalation | CVE-2023-34419
NAME__________Lenovo Notebook products privilege escalationPlatforms Affected:Lenovo NotebookRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Lenovo Notebook products could allow a local authenticated attacker to gain...
Nextcloud Server information disclosure | CVE-2023-39959
NAME__________Nextcloud Server information disclosurePlatforms Affected:Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Enterprise Server 25.0.0 Nextcloud Nextcloud Server 26.0.0 Nextcloud Nextcloud Enterprise...
Code-Projects Online Hospital Management System SQL injection | CVE-2023-37069
NAME__________Code-Projects Online Hospital Management System SQL injectionPlatforms Affected:Code-Projects Online Hospital Management System 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Code-Projects Online Hospital Management System...
Oduyo Online Collection Software SQL injection | CVE-2023-3716
NAME__________Oduyo Online Collection Software SQL injectionPlatforms Affected:Oduyo Online Collection Software 1.0.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Oduyo Online Collection Software is vulnerable to...
Siemens JT Open, JT Utilities code execution | CVE-2023-30796
NAME__________Siemens JT Open, JT Utilities code executionPlatforms Affected:Siemens JT Utilities Siemens Parasolid 35.0 Siemens Parasolid 34.1 Siemens Parasolid 34.0 Siemens...
Siemens JT Open, JT Utilities code execution | CVE-2023-30795
NAME__________Siemens JT Open, JT Utilities code executionPlatforms Affected:Siemens JT Utilities Siemens Parasolid 35.0 Siemens Parasolid 34.1 Siemens Parasolid 34.0 Siemens...
Nextcloud Server denial of service | CVE-2023-39962
NAME__________Nextcloud Server denial of servicePlatforms Affected:Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Enterprise Server 23.0.0 Nextcloud Nextcloud Enterprise Server 24.0.0 Nextcloud...
Apache Airflow Drill Provider information disclosure | CVE-2023-39553
NAME__________Apache Airflow Drill Provider information disclosurePlatforms Affected:Apache Airflow Drill Provider 2.4.2Risk Level:0Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apache Airflow Drill Provider could allow a...
Elecom network devices OS command execution | CVE-2023-39455
NAME__________Elecom network devices OS command executionPlatforms Affected:Elecom WRC-1467GHBK-A Elecom WRC-1900GHBK-A Elecom WRC-733FEBK2-A Elecom WRC-F1167ACF2 Elecom WRC-1467GHBK-S Elecom WRC-1900GHBK-SRisk Level:6.8Exploitability:UnprovenConsequences:Gain Access...
Nextcloud Notes cross-site scripting | CVE-2023-39955
NAME__________Nextcloud Notes cross-site scriptingPlatforms Affected:Nextcloud Notes 4.4.0 Nextcloud Notes 4.7.2Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Nextcloud Notes is vulnerable to cross-site scripting, caused...
Nextcloud Server information disclosure | CVE-2023-39952
NAME__________Nextcloud Server information disclosurePlatforms Affected:Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Enterprise Server 23.0.0 Nextcloud Nextcloud Enterprise Server 24.0.0 Nextcloud Nextcloud...
Nextcloud Server information disclosure | CVE-2023-39961
NAME__________Nextcloud Server information disclosurePlatforms Affected:Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Enterprise Server 25.0.0 Nextcloud Nextcloud Server 26.0.0 Nextcloud Nextcloud Enterprise...
Nextcloud Talk Android directory traversal | CVE-2023-39957
NAME__________Nextcloud Talk Android directory traversalPlatforms Affected:Nextcloud Talk Android 16.0.1Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Nextcloud Talk Android could allow a local authenticated attacker...
