Daily Vulnerability Trends: Sat Jan 28 2023
Daily Vulnerability Trends (sourced from VulnMon)
CVE NAME: CVE-2022-3094
CVE Description: Sending a flood of dynamic DNS updates may cause `named` to allocate...

NAME: Sengled Zigbee Smart Bulb denial of service
Platforms Affected:
Risk Level: 8.1
Exploitability: Unproven
Consequences: Denial of Service
DESCRIPTION: Sengled Zigbee Smart Bulb is vulnerable to a denial...

NAME: Broadcom Symantec Identity Manager response splitting
Platforms Affected: Broadcom Symantec Identity Manager 14.3, Broadcom Symantec Identity Manager 14.4
Risk Level: 8.1
Exploitability: Unproven
Consequences: Gain Access
DESCRIPTION: Broadcom Symantec...

NAME: Book Store Management System cross-site scripting
Platforms Affected:
Risk Level: 7.2
Exploitability: High
Consequences: Cross-Site Scripting
DESCRIPTION: Book Store Management System is vulnerable to cross-site scripting, caused by...

NAME: Tenable.sc cross-site scripting
Platforms Affected: Tenable Tenable.sc 5.23.1
Risk Level: 8.3
Exploitability: Unproven
Consequences: Cross-Site Scripting
DESCRIPTION: Tenable.sc is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

NAME: Nodejs simple-git module code execution
Platforms Affected: Node.js simple-git 3.15.1
Risk Level: 8.1
Exploitability: Proof of Concept
Consequences: Gain Access
DESCRIPTION: Nodejs simple-git module could allow a remote attacker...

NAME: Sierra Wireless AirLink Router command execution
Platforms Affected:
Risk Level: 8
Exploitability: Unproven
Consequences: Gain Access
DESCRIPTION: Sierra Wireless AirLink Router could allow a remote authenticated attacker to...

NAME: Jenkins Keycloak Authentication Plugin security bypass
Platforms Affected: Jenkins Keycloak Authentication Plugin 2.3.0
Risk Level: 8.8
Exploitability: Unproven
Consequences: Bypass Security
DESCRIPTION: Jenkins Keycloak Authentication Plugin could allow a...

NAME: Broadcom Symantec Identity Manager cross-site scripting
Platforms Affected: Broadcom Symantec Identity Manager 14.3, Broadcom Symantec Identity Manager 14.4
Risk Level: 8.1
Exploitability: Unproven
Consequences: Cross-Site Scripting
DESCRIPTION: Broadcom Symantec...

NAME: Econolite EOS brute force
Platforms Affected:
Risk Level: 9.8
Exploitability: Unproven
Consequences: Bypass Security
DESCRIPTION: Econolite EOS is vulnerable to a brute force attack, caused by the use...

NAME: Delta Electronics InfraSuite Device Master privilege escalation
Platforms Affected: Delta Electronics InfraSuite Device Master 00.00.01a
Risk Level: 8.8
Exploitability: Unproven
Consequences: Gain Privileges
DESCRIPTION: Delta Electronics InfraSuite Device Master...

Daily Vulnerability Trends (sourced from VulnMon)
CVE NAME: CVE-2022-21225
CVE Description: Improper neutralization in the Intel(R) Data Center Manager software before version 4.1...

NAME: Jenkins Bitbucket OAuth Plugin security bypass
Platforms Affected: Jenkins Bitbucket OAuth Plugin 0.12
Risk Level: 8.8
Exploitability: Unproven
Consequences: Bypass Security
DESCRIPTION: Jenkins Bitbucket OAuth Plugin could allow a...

NAME: Jenkins Azure AD Plugin security bypass
Platforms Affected: Jenkins Azure AD Plugin 303.va_91ef20ee49f
Risk Level: 8.8
Exploitability: Unproven
Consequences: Bypass Security
DESCRIPTION: Jenkins Azure AD Plugin could allow a...

NAME: Jenkins OpenID Plugin security bypass
Platforms Affected: Jenkins OpenID Plugin 2.4
Risk Level: 8.8
Exploitability: Unproven
Consequences: Obtain Information
DESCRIPTION: Jenkins OpenID Plugin could allow a remote attacker to...

NAME: Jenkins OpenId Connect Authentication Plugin security bypass
Platforms Affected: Jenkins OpenId Connect Authentication Plugin 2.4
Risk Level: 8.8
Exploitability: Unproven
Consequences: Bypass Security
DESCRIPTION: Jenkins OpenId Connect Authentication Plugin...

NAME: Dasherr file upload
Platforms Affected:
Risk Level: 9.8
Exploitability: Proof of Concept
Consequences: Gain Access
DESCRIPTION: Dasherr could allow a remote attacker to upload arbitrary files, caused by...

NAME: Jenkins Script Security Plugin code execution
Platforms Affected: Jenkins Script Security Plugin 1228.vd93135a_2fb_25
Risk Level: 8.8
Exploitability: Unproven
Consequences: Gain Access
DESCRIPTION: Jenkins Script Security Plugin could allow a...

NAME: Lexmark products server-side request forgery
Platforms Affected:
Risk Level: 9
Exploitability: Unproven
Consequences: Gain Access
DESCRIPTION: Lexmark products are vulnerable to server-side request forgery, caused by improper input...

NAME: LearnPress plugin for WordPress file inclusion
Platforms Affected:
Risk Level: 9.3
Exploitability: Unproven
Consequences: File Manipulation
DESCRIPTION: LearnPress plugin for WordPress could allow a remote attacker to include...

NAME: VMware vRealize Log Insight directory traversal
Platforms Affected: VMware vRealize Log Insight 8.0.0, VMware Cloud Foundation 3.0, VMware Cloud Foundation 4.0, VMware...

Daily Vulnerability Trends (sourced from VulnMon)
CVE NAME: CVE-2022-42864
CVE Description: A race condition was addressed with improved state handling. This issue is...

NAME: VMware vRealize Log Insight code execution
Platforms Affected: VMware vRealize Log Insight 8.0.0, VMware Cloud Foundation 3.0, VMware Cloud Foundation 4.0, VMware...

NAME: Google Chrome code execution
Platforms Affected: Google Chrome 109.0
Risk Level: 8.8
Exploitability: Unproven
Consequences: Gain Access
DESCRIPTION: Google Chrome could allow a remote attacker to execute arbitrary code...