Daily Vulnerability Trends: Mon Feb 27 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-46877By confusing the browser, the fullscreen notification could have been delayed or...
CVE
Apple iOS, iPadOS and macOS Ventura privilege escalation | CVE-2023-23530
NAME__________Apple iOS, iPadOS and macOS Ventura privilege escalationPlatforms Affected:Apple macOS Ventura 13.1 Apple iOS 16.2 Apple iPadOS 16.2Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges...
Apple iOS, iPadOS and macOS Ventura information disclosure | CVE-2023-23520
NAME__________Apple iOS, iPadOS and macOS Ventura information disclosurePlatforms Affected:Apple macOS Ventura 13.1 Apple iOS 16.2 Apple iPadOS 16.2Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information...
Cisco Firepower 4100, 9300 Security Appliances, and UCS Fabric Interconnects command execution | CVE-2023-20015
NAME__________Cisco Firepower 4100, 9300 Security Appliances, and UCS Fabric Interconnects command executionPlatforms Affected:Cisco UCS 6200 Series Fabric Interconnects Cisco UCS...
Apple iOS, iPadOS and macOS Ventura privilege escalation | CVE-2023-23531
NAME__________Apple iOS, iPadOS and macOS Ventura privilege escalationPlatforms Affected:Apple macOS Ventura 13.1 Apple iOS 16.2 Apple iPadOS 16.2Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges...
Bumsys cross-site scripting | CVE-2023-0995
NAME__________Bumsys cross-site scriptingPlatforms Affected:Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Bumsys is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...
JetBrains TeamCity cross-site scripting | CVE-2022-48344
NAME__________JetBrains TeamCity cross-site scriptingPlatforms Affected:Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________JetBrains TeamCity is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
MuYuCMS directory traversal | CVE-2023-1002
NAME__________MuYuCMS directory traversalPlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________MuYuCMS could allow a remote attacker to traverse directories on the system, caused by...
JetBrains TeamCity cross-site scripting | CVE-2022-48343
NAME__________JetBrains TeamCity cross-site scriptingPlatforms Affected:Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________JetBrains TeamCity is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Gradio default account | CVE-2023-25823
NAME__________Gradio default accountPlatforms Affected:Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Gradio contains default hardcoded credentials. A remote attacker could exploit this vulnerability to gain...
Cisco Firepower 4100, 9300 Security Appliances, and UCS Fabric Interconnects command execution | CVE-2023-20015
NAME__________Cisco Firepower 4100, 9300 Security Appliances, and UCS Fabric Interconnects command executionPlatforms Affected:Cisco UCS 6200 Series Fabric Interconnects Cisco UCS...
JetBrains TeamCity weak security | CVE-2022-48342
NAME__________JetBrains TeamCity weak securityPlatforms Affected:Risk Level:5.2Exploitability:UnprovenConsequences:Configuration DESCRIPTION__________JetBrains TeamCity could provide weaker than expected security, caused by jVMTI being enabled by...
IBM Maximo Application Suite information disclosure | CVE-2022-43923
NAME__________IBM Maximo Application Suite information disclosurePlatforms Affected:IBM Maximo Application Suite 8.8.0 IBM Maximo Application Suite 8.9.0Risk Level:6.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________IBM Maximo...
Online Pizza Ordering System cross-site request forgery | CVE-2023-0988
NAME__________Online Pizza Ordering System cross-site request forgeryPlatforms Affected:Risk Level:4.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Online Pizza Ordering System is vulnerable to cross-site...
Apple iOS, iPadOS and macOS Ventura information disclosure | CVE-2023-23520
NAME__________Apple iOS, iPadOS and macOS Ventura information disclosurePlatforms Affected:Apple macOS Ventura 13.1 Apple iOS 16.2 Apple iPadOS 16.2Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information...
Apple iOS, iPadOS and macOS Ventura privilege escalation | CVE-2023-23531
NAME__________Apple iOS, iPadOS and macOS Ventura privilege escalationPlatforms Affected:Apple macOS Ventura 13.1 Apple iOS 16.2 Apple iPadOS 16.2Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges...
Online Pizza Ordering System cross-site scripting | CVE-2023-0987
NAME__________Online Pizza Ordering System cross-site scriptingPlatforms Affected:Risk Level:3.5Exploitability:Proof of ConceptConsequences:Cross-Site Scripting DESCRIPTION__________Online Pizza Ordering System is vulnerable to cross-site scripting,...
MantisBT information disclosure | CVE-2023-22476
NAME__________MantisBT information disclosurePlatforms Affected:Risk Level:4.3Exploitability:UnprovenConsequences: DESCRIPTION__________MantisBT could allow a remote authenticated attacker to obtain sensitive information, caused by insufficient access-level...
Apple iOS, iPadOS and macOS Ventura privilege escalation | CVE-2023-23530
NAME__________Apple iOS, iPadOS and macOS Ventura privilege escalationPlatforms Affected:Apple macOS Ventura 13.1 Apple iOS 16.2 Apple iPadOS 16.2Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges...
Twister Antivirus security bypass | CVE-2023-1007
NAME__________Twister Antivirus security bypassPlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Twister Antivirus could allow a local authenticated attacker to bypass security restrictions,...
Sales Tracker Management System SQL injection | CVE-2023-0986
NAME__________Sales Tracker Management System SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Sales Tracker Management System is vulnerable to SQL injection. A remote...
Sourcecodester Medical Certificate Generator App cross-site scripting | CVE-2023-1006
NAME__________Sourcecodester Medical Certificate Generator App cross-site scriptingPlatforms Affected:Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Sourcecodester Medical Certificate Generator App is vulnerable to cross-site scripting,...
SquaredUp Dashboard Server cross-site scripting | CVE-2022-46785
NAME__________SquaredUp Dashboard Server cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________SquaredUp Dashboard Server SCOM Edition, SquaredUp Dashboard Server Azure Edition, and SquaredUp...
SquaredUp Dashboard Server open redirect | CVE-2022-46784
NAME__________SquaredUp Dashboard Server open redirectPlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Other DESCRIPTION__________SquaredUp Dashboard Server SCOM Edition, SquaredUp Dashboard Server Azure Edition, and SquaredUp Dashboard...
