Year: 2023

VMware Tanzu Spring Boot denial of service | CVE-2023-34055

November 30, 2023

NAME__________VMware Tanzu Spring Boot denial of servicePlatforms Affected:VMware Tanzu Spring Boot 2.7.0 VMware Tanzu Spring Boot 3.0.0 Tanzu VMware Spring...

Mattermost open redirect | CVE-2023-47168

November 30, 2023

NAME__________Mattermost open redirectPlatforms Affected:Mattermost Mattermost Server 7.8.12 Mattermost Mattermost Server 8.1.3 Mattermost Mattermost Server 9.0.1 Mattermost Mattermost Server 9.1.0Risk Level:4.3Exploitability:UnprovenConsequences:Other...

Jenkins NeuVector Vulnerability Scanner Plugin security bypass | CVE-2023-49674

November 30, 2023

NAME__________Jenkins NeuVector Vulnerability Scanner Plugin security bypassPlatforms Affected:Jenkins NeuVector Vulnerability Scanner Plugin 1.22Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins NeuVector Vulnerability Scanner Plugin...

Alumne LMS cross-site scripting | CVE-2023-6359

November 30, 2023

NAME__________Alumne LMS cross-site scriptingPlatforms Affected:Alumne LMS Alumne LMS 4.0.0.1.08Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Alumne LMS is vulnerable to cross-site scripting, caused by...

ESKOM Computer e-municipality module information disclosure | CVE-2023-6151

November 30, 2023

NAME__________ESKOM Computer e-municipality module information disclosurePlatforms Affected:ESKOM Computer e-municipality module 104Risk Level:7.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________ESKOM Computer e-municipality module could allow a...

Jenkins Google Compute Engine Plugin information disclosure | CVE-2023-49652

November 30, 2023

NAME__________Jenkins Google Compute Engine Plugin information disclosurePlatforms Affected:Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Google Compute Engine Plugin...

Jenkins MATLAB Plugin cross-site request forgery | CVE-2023-49655

November 30, 2023

NAME__________Jenkins MATLAB Plugin cross-site request forgeryPlatforms Affected:Jenkins MATLAB Plugin 2.11.0Risk Level:7.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins MATLAB Plugin is vulnerable to cross-site request...

Jenkins MATLAB Plugin information disclosure | CVE-2023-49656

November 30, 2023

NAME__________Jenkins MATLAB Plugin information disclosurePlatforms Affected:Jenkins MATLAB Plugin 2.11.0Risk Level:7.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins MATLAB Plugin could allow a remote authenticated attacker...

Trellix Enterprise Security Manager (ESM) server-side request forgery | CVE-2023-6070

November 30, 2023

NAME__________Trellix Enterprise Security Manager (ESM) server-side request forgeryPlatforms Affected:Trellix Enterprise Security Manager 11.6.3 Trellix Enterprise Security Manager 11.6.2 Trellix Enterprise...

Jenkins NeuVector Vulnerability Scanner Plugin cross-site request forgery | CVE-2023-49673

November 30, 2023

NAME__________Jenkins NeuVector Vulnerability Scanner Plugin cross-site request forgeryPlatforms Affected:Jenkins NeuVector Vulnerability Scanner Plugin 1.22Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins NeuVector Vulnerability Scanner...

Jenkins MATLAB Plugin security bypass | CVE-2023-49654

November 30, 2023

NAME__________Jenkins MATLAB Plugin security bypassPlatforms Affected:Jenkins MATLAB Plugin 2.11.0Risk Level:7.1Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Jenkins MATLAB Plugin could allow a remote authenticated attacker...

Jenkins Jira Plugin information disclosure | CVE-2023-49653

November 30, 2023

NAME__________Jenkins Jira Plugin information disclosurePlatforms Affected:Jenkins Jira Plugin 3.11Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Jira Plugin could allow a remote authenticated attacker...

Year: 2023

VMware Tanzu Spring Boot denial of service | CVE-2023-34055

Mattermost open redirect | CVE-2023-47168

Jenkins NeuVector Vulnerability Scanner Plugin security bypass | CVE-2023-49674

Alumne LMS cross-site scripting | CVE-2023-6359

ESKOM Computer e-municipality module information disclosure | CVE-2023-6151

Jenkins Google Compute Engine Plugin information disclosure | CVE-2023-49652

Jenkins MATLAB Plugin cross-site request forgery | CVE-2023-49655

Jenkins MATLAB Plugin information disclosure | CVE-2023-49656

Trellix Enterprise Security Manager (ESM) server-side request forgery | CVE-2023-6070

Jenkins NeuVector Vulnerability Scanner Plugin cross-site request forgery | CVE-2023-49673

Jenkins MATLAB Plugin security bypass | CVE-2023-49654

Jenkins Jira Plugin information disclosure | CVE-2023-49653

Microsoft Edge Multiple Vulnerabilities

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

Dollar Tree hit by third-party data breach impacting 2 million people

Google Chrome Multiple Vulnerabilities

Hackers Exploit Critical Vulnerability in ownCloud

Google Fixes Sixth Chrome Zero-Day Bug of the Year

DeleFriend Weakness Puts Google Workspace Security at Risk

A Fifth of UK SMBs Can’t Spot Scams

AI Boosts Malware Detection Rates by 70%

GoTitan Botnet and PrCtrl RAT Exploit Apache Vulnerability

Estante Virtual – 5,412,603 breached accounts

[FUNKSEC] – Ransomware Victim: kuzstu-nf[.]ru

[FUNKSEC] – Ransomware Victim: mymobileforms app

CISA: CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators

[RANSOMHUB] – Ransomware Victim: mi[.]edu

[LOCKBIT3] – Ransomware Victim: telering[.]de

You may have missed