CVE

Foxit PDF Reader code execution | CVE-2023-38117

July 27, 2023

NAME__________Foxit PDF Reader code executionPlatforms Affected:Foxit PDF ReaderRisk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Foxit PDF Reader could allow a remote attacker to execute...

Ubuntu privilege escalation | CVE-2023-2640

July 27, 2023

NAME__________Ubuntu privilege escalationPlatforms Affected:Ubuntu UbuntuRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Ubuntu could allow a local authenticated attacker to gain elevated privileges on the...

Jenkins Gradle Plugin information disclosure | CVE-2023-39152

July 27, 2023

NAME__________Jenkins Gradle Plugin information disclosurePlatforms Affected:Jenkins Gradle Plugin 2.8Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Gradle Plugin could allow a remote authenticated attacker...

Foxit PDF Reader information disclosure | CVE-2023-38110

July 27, 2023

NAME__________Foxit PDF Reader information disclosurePlatforms Affected:Foxit PDF ReaderRisk Level:3.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Foxit PDF Reader could allow a remote attacker to obtain...

Foxit PDF Reader information disclosure | CVE-2023-38113

July 27, 2023

Foxit PDF Reader information disclosure | CVE-2023-38109

July 27, 2023

Foxit PDF Reader information disclosure | CVE-2023-38115

July 27, 2023

Foxit PDF Reader information disclosure | CVE-2023-38105

July 27, 2023

Trend Micro Apex Central server-side request forgery | CVE-2023-38625

July 27, 2023

NAME__________Trend Micro Apex Central server-side request forgeryPlatforms Affected:Trend Micro Apex Central 2019Risk Level:4.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Trend Micro Apex Central is vulnerable...

Jenkins Qualys Web App Scanning Connector Plugin information disclosure | CVE-2023-39154

July 27, 2023

NAME__________Jenkins Qualys Web App Scanning Connector Plugin information disclosurePlatforms Affected:Jenkins Qualys Web App Scanning Connector Plugin 2.0.10Risk Level:4.2Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Jenkins...

Jenkins Chef Identity Plugin information disclosure | CVE-2023-39155

July 27, 2023

NAME__________Jenkins Chef Identity Plugin information disclosurePlatforms Affected:Jenkins Chef Identity Plugin 2.0.3Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Chef Identity Plugin could allow a...

Trend Micro Apex Central server-side request forgery | CVE-2023-38627

July 27, 2023

Daily Vulnerability Trends: Thu Jul 27 2023

July 27, 2023

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-38408The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently...

Weaver e-cology SQL injection | CVE-2023-3793

July 26, 2023

NAME__________Weaver e-cology SQL injectionPlatforms Affected:Weaver e-cology 10.57Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Weaver e-cology is vulnerable to SQL injection. A remote attacker could...

GNOME librsvg directory traversal | CVE-2023-38633

July 26, 2023

NAME__________GNOME librsvg directory traversalPlatforms Affected:GNOME librsvg 2.56.2Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________GNOME librsvg could allow a remote attacker to traverse directories on...

Bug Finder ChainCity Real Estate Investment Platform SQL injection | CVE-2023-3795

July 26, 2023

NAME__________Bug Finder ChainCity Real Estate Investment Platform SQL injectionPlatforms Affected:Bug Finder ChainCity Real Estate Investment Platform 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Bug...

IceWarp Icearp cross-site scripting | CVE-2023-37728

July 26, 2023

NAME__________IceWarp Icearp cross-site scriptingPlatforms Affected:IceWarp Icearp 10.2.1Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________IceWarp Icearp is vulnerable to cross-site scripting, caused by improper validation...

MobiSystems Office Suite cross-site scripting | CVE-2023-38617

July 26, 2023

NAME__________MobiSystems Office Suite cross-site scriptingPlatforms Affected:MobiSystems Office Suite Premium 10.9.1.42602Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________MobiSystems Office Suite is vulnerable to cross-site scripting,...

EyouCMS information disclosure | CVE-2023-37645

July 26, 2023

NAME__________EyouCMS information disclosurePlatforms Affected:EyouCMS EyouCMS 1.6.3Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________EyouCMS could allow a remote attacker to obtain sensitive information, caused by...

Indico cross-site scripting | CVE-2023-37901

July 26, 2023

NAME__________Indico cross-site scriptingPlatforms Affected:Indico Indico 3.2.5Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Indico is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

Cockpit CMS security bypass | CVE-2023-37649

July 26, 2023

NAME__________Cockpit CMS security bypassPlatforms Affected:Cockpit-HQ Cockpit 2.5.2Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Cockpit CMS could allow a remote attacker to bypass security restrictions,...

REDCap SQL injection | CVE-2023-37361

July 26, 2023

NAME__________REDCap SQL injectionPlatforms Affected:Vanderbilt University REDCap 12.0.25 LTS Vanderbilt University REDCap 12.3.1 StandardRisk Level:3.8Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________REDCap is vulnerable to SQL...

Bug Finder MineStack cross-site scripting | CVE-2023-3835

July 26, 2023

NAME__________Bug Finder MineStack cross-site scriptingPlatforms Affected:Bug Finder MineStack 1.0Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Bug Finder MineStack is vulnerable to cross-site scripting, caused...

NxFilter cross-site scripting | CVE-2023-3840

July 26, 2023

NAME__________NxFilter cross-site scriptingPlatforms Affected:NxFilter NxFilter 4.3.2.5Risk Level:6.1Exploitability:HighConsequences:Gain Access DESCRIPTION__________NxFilter is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

CVE

Foxit PDF Reader code execution | CVE-2023-38117

Ubuntu privilege escalation | CVE-2023-2640

Jenkins Gradle Plugin information disclosure | CVE-2023-39152

Foxit PDF Reader information disclosure | CVE-2023-38110

Foxit PDF Reader information disclosure | CVE-2023-38113

Foxit PDF Reader information disclosure | CVE-2023-38109

Foxit PDF Reader information disclosure | CVE-2023-38115

Foxit PDF Reader information disclosure | CVE-2023-38105

Trend Micro Apex Central server-side request forgery | CVE-2023-38625

Jenkins Qualys Web App Scanning Connector Plugin information disclosure | CVE-2023-39154

Jenkins Chef Identity Plugin information disclosure | CVE-2023-39155

Trend Micro Apex Central server-side request forgery | CVE-2023-38627

Daily Vulnerability Trends: Thu Jul 27 2023

Weaver e-cology SQL injection | CVE-2023-3793

GNOME librsvg directory traversal | CVE-2023-38633

Bug Finder ChainCity Real Estate Investment Platform SQL injection | CVE-2023-3795

IceWarp Icearp cross-site scripting | CVE-2023-37728

MobiSystems Office Suite cross-site scripting | CVE-2023-38617

EyouCMS information disclosure | CVE-2023-37645

Indico cross-site scripting | CVE-2023-37901

Cockpit CMS security bypass | CVE-2023-37649

REDCap SQL injection | CVE-2023-37361

Bug Finder MineStack cross-site scripting | CVE-2023-3835

NxFilter cross-site scripting | CVE-2023-3840

[BLACKSHRANTAC] – Ransomware Victim: ApleNet Co[.], Ltd

[QILIN] – Ransomware Victim: Disseny Dental

Cobalt Strike Beacon Detected – 196[.]251[.]69[.]253:4433

Cobalt Strike Beacon Detected – 124[.]223[.]114[.]203:4433

Cobalt Strike Beacon Detected – 8[.]137[.]114[.]210:4433

You may have missed