Month: January 2024

HYPR Workforce Access security bypass | CVE-2023-6335

January 19, 2024

NAME__________HYPR Workforce Access security bypassPlatforms Affected:HYPR Windows WFA 8.6Risk Level:6.4Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________HYPR Workforce Access could allow a local authenticated attacker...

Drupal denial of service | CVE-2024-22362

January 19, 2024

NAME__________Drupal denial of servicePlatforms Affected:Drupal Drupal 9.3.6Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Drupal is vulnerable to a denial of service, caused by...

TianoCore EDK II information disclosure | US-CERT VU#132380

January 19, 2024

NAME__________TianoCore EDK II information disclosurePlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________TianoCore EDK II could allow a remote attacker to obtain sensitive information,...

TianoCore EDK II denial of service | US-CERT VU#132380

January 19, 2024

NAME__________TianoCore EDK II denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________TianoCore EDK II is vulnerable to a denial of service,...

rpm-software-management Mock privilege escalation | CVE-2023-6395

January 19, 2024

NAME__________rpm-software-management Mock privilege escalationPlatforms Affected:rpm-software-management mockRisk Level:6.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________rpm-software-management Mock could allow a local authenticated attacker to gain elevated privileges...

Pleasanter cross-site scripting | CVE-2024-21584

January 19, 2024

NAME__________Pleasanter cross-site scriptingPlatforms Affected:Pleasanter Pleasanter 1.3.49.0Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Pleasanter is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

TianoCore EDK II information disclosure | CVE-2023-45229

January 19, 2024

NAME__________TianoCore EDK II information disclosurePlatforms Affected:TianoCore EDK II 202311Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________TianoCore EDK II could allow a remote attacker to...

TianoCore EDK II information disclosure | US-CERT VU#132380

January 19, 2024

NAME__________TianoCore EDK II information disclosurePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________TianoCore EDK II could allow a remote attacker to obtain sensitive information,...

Full Compass Systems WIC1200 cross-site request forgery | CVE-2024-0554

January 19, 2024

NAME__________Full Compass Systems WIC1200 cross-site request forgeryPlatforms Affected:Full Compass Systems WIC1200 1.1Risk Level:5.5Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Full Compass Systems WIC1200 is vulnerable...

GNU GRUB security bypass | CVE-2023-4001

January 19, 2024

NAME__________GNU GRUB security bypassPlatforms Affected:GNU GRUBRisk Level:5.6Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________GNU GRUB could allow a physical authenticated attacker to bypass security restrictions,...

Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | CVE-2024-20919

January 19, 2024

NAME__________Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecifiedPlatforms Affected:Oracle GraalVM Enterprise Edition 21.3.8 Oracle GraalVM Enterprise...

Oracle Solaris unspecified | CVE-2024-20920

January 19, 2024

NAME__________ Oracle Solaris unspecified Platforms Affected:Risk Level:3.8Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________An unspecified vulnerability in Oracle Solaris related to the Filesystem component could...

TianoCore EDK II denial of service | US-CERT VU#132380

January 19, 2024

Trellix Endpoint Security (ENS) Web Control cross-site scripting | CVE-2024-0310

January 19, 2024

NAME__________Trellix Endpoint Security (ENS) Web Control cross-site scriptingPlatforms Affected:Trellix Endpoint Security (ENS) Web Control 10.7.0Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Trellix Endpoint Security...

Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | CVE-2024-20945

January 19, 2024

NAME__________Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecifiedPlatforms Affected:Oracle GraalVM Enterprise Edition 21.3.8 Oracle GraalVM Enterprise...

HYPR Workforce Access security bypass | CVE-2023-6336

January 19, 2024

NAME__________HYPR Workforce Access security bypassPlatforms Affected:HYPR Windows WFA 8.6Risk Level:7.2Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________HYPR Workforce Access could allow a local authenticated attacker...

HYPR Workforce Access directory traversal | CVE-2023-5097

January 19, 2024

NAME__________HYPR Workforce Access directory traversalPlatforms Affected:HYPR Windows WFA 8.6Risk Level:7Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________HYPR Workforce Access could allow a local authenticated attacker...

Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | CVE-2024-20921

January 19, 2024

NAME__________Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecifiedPlatforms Affected:Oracle GraalVM Enterprise Edition 21.3.8 Oracle GraalVM Enterprise...

GitHub Enterprise Server code execution | CVE-2024-0200

January 19, 2024

NAME__________GitHub Enterprise Server code executionPlatforms Affected:GitHub Enterprise Server 3.8.12 GitHub Enterprise Server 3.9.7 GitHub Enterprise Server 3.10.4 GitHub Enterprise Server...

HYPR Workforce Access buffer overflow | CVE-2023-6334

January 19, 2024

NAME__________HYPR Workforce Access buffer overflowPlatforms Affected:HYPR Windows WFA 8.6Risk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________HYPR Workforce Access is vulnerable to a buffer overflow,...

Huawei HarmonyOS and EMUI denial of service | CVE-2023-52113

January 19, 2024

NAME__________Huawei HarmonyOS and EMUI denial of servicePlatforms Affected:Huawei EMUI 11.0.1 Huawei EMUI 12.0.0 Huawei EMUI 13.0.0 Huawei HarmonyOS 2.0.0 Huawei...

Skyworth Router CM5100 information disclosure | CVE-2023-51740

January 19, 2024

NAME__________Skyworth Router CM5100 information disclosurePlatforms Affected:Hathway Cable and Datacom Skyworth Router CM5100 4.1.1.24Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Skyworth Router CM5100 could allow...

Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | CVE-2024-20926

January 19, 2024

NAME__________Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecifiedPlatforms Affected:Oracle GraalVM Enterprise Edition 22.3.2 Oracle GraalVM Enterprise...

Skyworth Router CM5100 cross-site scripting | CVE-2023-51725

January 19, 2024

NAME__________Skyworth Router CM5100 cross-site scriptingPlatforms Affected:Hathway Cable and Datacom Skyworth Router CM5100 4.1.1.24Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Skyworth Router CM5100 is vulnerable...

Month: January 2024

HYPR Workforce Access security bypass | CVE-2023-6335

Drupal denial of service | CVE-2024-22362

TianoCore EDK II information disclosure | US-CERT VU#132380

TianoCore EDK II denial of service | US-CERT VU#132380

rpm-software-management Mock privilege escalation | CVE-2023-6395

Pleasanter cross-site scripting | CVE-2024-21584

TianoCore EDK II information disclosure | CVE-2023-45229

TianoCore EDK II information disclosure | US-CERT VU#132380

Full Compass Systems WIC1200 cross-site request forgery | CVE-2024-0554

GNU GRUB security bypass | CVE-2023-4001

Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | CVE-2024-20919

Oracle Solaris unspecified | CVE-2024-20920

TianoCore EDK II denial of service | US-CERT VU#132380

Trellix Endpoint Security (ENS) Web Control cross-site scripting | CVE-2024-0310

Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | CVE-2024-20945

HYPR Workforce Access security bypass | CVE-2023-6336

HYPR Workforce Access directory traversal | CVE-2023-5097

Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | CVE-2024-20921

GitHub Enterprise Server code execution | CVE-2024-0200

HYPR Workforce Access buffer overflow | CVE-2023-6334

Huawei HarmonyOS and EMUI denial of service | CVE-2023-52113

Skyworth Router CM5100 information disclosure | CVE-2023-51740

Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | CVE-2024-20926

Skyworth Router CM5100 cross-site scripting | CVE-2023-51725

[INCRANSOM] – Ransomware Victim: Alna-Bioscience

Cobalt Strike Beacon Detected – 52[.]231[.]10[.]139:8080

Cobalt Strike Beacon Detected – 54[.]224[.]145[.]120:443

Cobalt Strike Beacon Detected – 118[.]193[.]37[.]157:8889

Cobalt Strike Beacon Detected – 103[.]225[.]196[.]197:80

You may have missed