Gain Access

Fl3xx Dispatch app for iOS and Fl3xx Crew file upload | CVE-2023-42335

September 22, 2023

NAME__________Fl3xx Dispatch app for iOS and Fl3xx Crew file uploadPlatforms Affected:Fl3xx Fl3xx Dispatch app for iOS 2.10.37 Fl3xx Fl3xx Crew...

Mastodon spoofing | CVE-2023-42451

September 22, 2023

NAME__________Mastodon spoofingPlatforms Affected:Mastodon Mastodon 4.2.0-beta1Risk Level:7.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Mastodon could allow a remote attacker to conduct spoofing attacks, caused by an...

Mastodon server-side request forgery | CVE-2023-42450

September 22, 2023

NAME__________Mastodon server-side request forgeryPlatforms Affected:Mastodon Mastodon 4.2.0-beta1Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Mastodon is vulnerable to server-side request forgery, caused by improper input...

Ashlar-Vellum Cobalt code execution | CVE-2023-42103

September 22, 2023

NAME__________Ashlar-Vellum Cobalt code executionPlatforms Affected:Ashlar-Vellum CobaltRisk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Ashlar-Vellum Cobalt could allow a remote attacker to execute arbitrary code on...

iCMS cross-site request forgery | CVE-2023-42321

September 22, 2023

NAME__________iCMS cross-site request forgeryPlatforms Affected:iCMS iCMS 7.0.16Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________iCMS is vulnerable to cross-site request forgery, caused by improper validation...

Ashlar-Vellum Cobalt code execution | CVE-2023-42101

September 22, 2023

Ashlar-Vellum Cobalt code execution | CVE-2023-42105

September 22, 2023

Ashlar-Vellum Cobalt code execution | CVE-2023-42102

September 22, 2023

Ashlar-Vellum Cobalt code execution | CVE-2023-42104

September 22, 2023

Dropbox Folder Share plugin for WordPress server-side request forgery | CVE-2023-3025

September 21, 2023

NAME__________Dropbox Folder Share plugin for WordPress server-side request forgeryPlatforms Affected:WordPress Dropbox Folder Share plugin for WordPress 1.9.7 WordPress Dropbox Folder...

Openupload command execution | CVE-2023-36319

September 21, 2023

NAME__________Openupload command executionPlatforms Affected:openupload openupload 0.4.3Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Openupload could allow a remote attacker to execute arbitrary commands on the...

Jenkins Build Failure Analyzer Plugin cross-site request forgery | CVE-2023-43500

September 21, 2023

NAME__________Jenkins Build Failure Analyzer Plugin cross-site request forgeryPlatforms Affected:Jenkins Build Failure Analyzer Plugin 2.4.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Build Failure Analyzer...

Jenkins weekly and LTS code execution | CVE-2023-43496

September 21, 2023

NAME__________Jenkins weekly and LTS code executionPlatforms Affected:Jenkins weekly 2.423 Jenkins LTS 2.414.1Risk Level:7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins weekly and LTS could allow...

Jenkins Build Failure Analyzer Plugin cross-site request forgery | CVE-2023-43502

September 21, 2023

OpenPrinting CUPS buffer overflow | CVE-2023-4504

September 21, 2023

NAME__________OpenPrinting CUPS buffer overflowPlatforms Affected:OpenPrinting CUPS 2.5b1Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________OpenPrinting CUPS is vulnerable to a heap-based buffer overflow, caused by...

Quay Container Registry cross-site request forgery | CVE-2023-4959

September 20, 2023

NAME__________Quay Container Registry cross-site request forgeryPlatforms Affected:Red Hat Quay 3Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Quay Container Registry is vulnerable to cross-site request...

Eclipse Jetty weak security | CVE-2023-36479

September 20, 2023

NAME__________Eclipse Jetty weak securityPlatforms Affected:Eclipse Jetty 11.0.15 Eclipse Jetty 9.4.51 Eclipse Jetty 10.0.15 Eclipse Jetty 12.0.0-beta1Risk Level:3.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Eclipse Jetty...

memos cross-site request forgery | CVE-2023-5036

September 20, 2023

NAME__________memos cross-site request forgeryPlatforms Affected:Memos Memos 0.14.4Risk Level:7.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________memos is vulnerable to cross-site request forgery, caused by...

Jetty request smuggling | CVE-2023-40167

September 20, 2023

NAME__________Jetty request smugglingPlatforms Affected:Eclipse Jetty 10.0.0 Eclipse Jetty 11.0.0 Eclipse Jetty 10.0.15 Eclipse Jetty 11.0.15 Eclipse Jetty 12.0.0 Eclipse Jetty...

mooSocial cross-site request forgery | CVE-2023-40868

September 20, 2023

NAME__________mooSocial cross-site request forgeryPlatforms Affected:mooSocial mooSocial 3.1.7 mooSocial mooSocial 3.1.6Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________mooSocial is vulnerable to cross-site request forgery, caused...

Juplink RX4-1500 default account | CVE-2023-41030

September 20, 2023

NAME__________Juplink RX4-1500 default accountPlatforms Affected:Juplink RX4-1500 1.0.5 Juplink RX4-1500 1.0.2Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Juplink RX4-1500 contains default hardcoded credentials. A remote...

Omron Sysmac Studio code execution | CVE-2022-45793

September 20, 2023

NAME__________Omron Sysmac Studio code executionPlatforms Affected:Omron Sysmac Studio 1.54Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Omron Sysmac Studio could allow a local authenticated attacker...

Linux Kernel integer overflow | CVE-2023-42752

September 20, 2023

NAME__________Linux Kernel integer overflowPlatforms Affected:Linux KernelRisk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Linux Kernel could allow a local authenticated attacker to execute arbitrary code...

Apache Flink Stateful Functions HTTP header injection | CVE-2023-41834

September 20, 2023

NAME__________Apache Flink Stateful Functions HTTP header injectionPlatforms Affected:Apache Flink Stateful Functions 3.1.0 Apache Flink Stateful Functions 3.2.0Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apache...

Gain Access

Fl3xx Dispatch app for iOS and Fl3xx Crew file upload | CVE-2023-42335

Mastodon spoofing | CVE-2023-42451

Mastodon server-side request forgery | CVE-2023-42450

Ashlar-Vellum Cobalt code execution | CVE-2023-42103

iCMS cross-site request forgery | CVE-2023-42321

Ashlar-Vellum Cobalt code execution | CVE-2023-42101

Ashlar-Vellum Cobalt code execution | CVE-2023-42105

Ashlar-Vellum Cobalt code execution | CVE-2023-42102

Ashlar-Vellum Cobalt code execution | CVE-2023-42104

Dropbox Folder Share plugin for WordPress server-side request forgery | CVE-2023-3025

Openupload command execution | CVE-2023-36319

Jenkins Build Failure Analyzer Plugin cross-site request forgery | CVE-2023-43500

Jenkins weekly and LTS code execution | CVE-2023-43496

Jenkins Build Failure Analyzer Plugin cross-site request forgery | CVE-2023-43502

OpenPrinting CUPS buffer overflow | CVE-2023-4504

Quay Container Registry cross-site request forgery | CVE-2023-4959

Eclipse Jetty weak security | CVE-2023-36479

memos cross-site request forgery | CVE-2023-5036

Jetty request smuggling | CVE-2023-40167

mooSocial cross-site request forgery | CVE-2023-40868

Juplink RX4-1500 default account | CVE-2023-41030

Omron Sysmac Studio code execution | CVE-2022-45793

Linux Kernel integer overflow | CVE-2023-42752

Apache Flink Stateful Functions HTTP header injection | CVE-2023-41834

CISA: Microsoft Releases December 2024 Security Updates

CISA: Cisco Releases Security Updates for NX-OS Software

CISA: Ivanti Releases Security Updates for Multiple Products

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies

You may have missed