Multiple vulnerabilities have been discovered in the LibreOffice software suite. Upgrade libreoffice packages to resolve the issues.
CVE ID: CVE-2023-6186, CVE-2023-6185, CVE-2020-12803, CVE-2020-12802, CVE-2020-12801
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
An arbitrary code execution vulnerability, triggered by sending a specially crafted request, has been discovered in IBM Maximo Application Suite - IoT Component's "quartz-jobs-2.3.2.jar". The affected products are IBM Maximo Application Suite - IoT Component 8.7 & IoT Component 8.8. Security updates are available.
CVE ID: CVE-2023-39017 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been identified within Docker shipped as pattern type (pType) component with Cloud Pak System Software.
CVE ID: CVE-2023-28842 (Medium), CVE-2023-28840 (High), CVE-2023-28841 (Medium)
IBM Security SOAR uses an older version of Apache ActiveMQ that may be identified and exploited. Updates for supported versions have been released which address the issue.
CVE ID: CVE-2023-46604 (Critical)
A Cross-Site Request Forgery (CSRF) vulnerability and a Use of a Broken or Risky Cryptographic Algorithm vulnerability have been identified in Moxa ioLogik E1200 Series firmware versions v3.3 and prior.
CVE ID: CVE-2023-5961, CVE-2023-5962
A buffer overflow vulnerability has been found in osslsigncode, which possibly allows a malicious attacker to execute arbitrary code when signing a crafted file.
CVE ID: CVE-2023-36377
A critical vulnerability has been observed in Brix crypto-js which could allow a remote attacker to obtain sensitive information.
CVE ID: CVE-2023-46233 (Critical)
Multiple vulnerabilities exist in several Mitsubishi Electric FA products due to OpenSSL vulnerabilities. An attacker could disclose information in the product or cause a Denial-of-Service (DoS) condition.
CVE ID: CVE-2022-4304, CVE-2022-4450, CVE-2023-0286
A Server Side Request Forgery (SSRF) vulnerability which leads to Local File Inclusion (LFI) has been discovered in the JCDashboards component for Joomla.
CVE ID: CVE-2023-40630 (Critical)
A SQL injection vulnerability has been discovered in SchedMD Slurm. The affected version is SchedMD Slurm 23.11.x. Security updates are available.
CVE ID: CVE-2023-49934 (Critical)
A Remote Code Execution (RCE) vulnerability due to unrestricted upload of files has been discovered in Avalanche. The affected versions are Avalanche 6.4.1 and below.
CVE ID: CVE-2023-46264 (Critical)
A Remote Code Execution (RCE) vulnerability due to unrestricted upload of files has been discovered in Avalanche. The affected versions are Avalanche 6.4.1 and below.
CVE ID: CVE-2023-46263 (Critical)
A buffer overflow vulnerability has been discovered in a Shenzhen Libituo Technology Co. Ltd. product. The affected version is Shenzhen Libituo Technology Co. Ltd LBT-T300-T310 v2.2.2.6.
CVE ID: CVE-2023-50469 (Critical)
A command execution vulnerability has been discovered in MajorDoMo. The affected versions are MajorDoMo (aka Major Domestic Module) before 0662e5e.
CVE ID: CVE-2023-50917 (Critical)
A command injection vulnerability has been discovered in NETGEAR WNR2000v4. The affected version is NETGEAR WNR2000v4 version 1.0.0.70.
CVE ID: CVE-2023-50089 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Firefox 121, Thunderbird 115.6, and Firefox ESR 115.6. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-6856 (High), CVE-2023-6135 (High), CVE-2023-6865 (High), CVE-2023-6857 (Medium), CVE-2023-6858 (Medium), CVE-2023-6859 (Medium), CVE-2023-6866 (Medium), CVE-2023-6860 (Medium), CVE-2023-6867 (Medium), CVE-2023-6861 (Medium), CVE-2023-6868 (Medium), CVE-2023-6869 (Low), CVE-2023-6870 (Low), CVE-2023-6871 (Low), CVE-2023-6872 (Low), CVE-2023-6863 (Low), CVE-2023-6864 (High), CVE-2023-6873 (High)
A deserialization of untrusted data vulnerability has been discovered in Apache Dubbo. The affected version is Apache Dubbo 3.1.5. Security updates are available.
CVE ID: CVE-2023-46279 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Dokmee ECM. The affected version is Dokmee ECM 7.4.6.
CVE ID: CVE-2023-47261 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Nagios XI. The affected versions are Nagios XI before version 5.11.3.
CVE ID: CVE-2023-48085 (Critical)
A SQL injection vulnerability has been discovered in Nagios XI. The affected versions are Nagios XI before version 5.11.3.
CVE ID: CVE-2023-48084 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Dell DM5500. The affected version is Dell DM5500 5.14.0.0.
CVE ID: CVE-2023-44305 (Critical)
A weak password requirements vulnerability has been discovered in the GitHub repository Modoboa. The affected versions are GitHub repository Modoboa prior to 2.1.0.
CVE ID: CVE-2023-2160 (Critical)
An authentication bypass vulnerability has been discovered in the GitHub repository thorsten/phpmyfaq. The affected versions are GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE ID: CVE-2023-1886 (Critical)
A weak password requirements vulnerability has been discovered in the GitHub repository thorsten/phpmyfaq. The affected versions are GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE ID: CVE-2023-1753 (Critical)
An incorrect permission assignment for critical resource vulnerability has been discovered in PHOENIX CONTACT's Automation Worx & classic line controllers that allows an attacker to gain full access to the affected device.
CVE ID: CVE-2023-46141 (Critical)
An incorrect permission assignment for critical resource vulnerability has been discovered in PHOENIX CONTACT MULTIPROG & PHOENIX CONTACT ProConOS eCLR (SDK) that allows an attacker to upload arbitrary malicious code and gain full access on the affected device.
CVE ID: CVE-2023-0757 (Critical)
A memory overflow vulnerability has been discovered in OpenEXR-viewer. The affected versions are OpenEXR-viewer prior to 0.6.1.
CVE ID: CVE-2023-50245 (Critical)
Palo Alto Networks has released security updates to resolve exposure of sensitive information and local file deletion vulnerabilities in its products.
CVE ID: CVE-2023-6790 (Medium), CVE-2023-6791 (Medium), CVE-2023-6794 (Medium), CVE-2023-6792 (Medium), CVE-2023-6795 (Medium), CVE-2023-6793 (Medium), CVE-2023-6789 (Medium)
A stack overflow vulnerability has been discovered in TOTOLink A7000R. The affected version is TOTOLink A7000R V9.1.0u.6115_B20201022.
CVE ID: CVE-2023-49418 (Critical)
A stack overflow vulnerability has been discovered in TOTOLink A7000R. The affected version is TOTOLink A7000R V9.1.0u.6115_B20201022.
CVE ID: CVE-2023-49417 (Critical)
It has been observed that Advanced Persistent Threat 29 (APT 29), aka the Dukes, CozyBear & NOBELIUM/Midnight Blizzard, is exploiting an authentication bypass vulnerability (CVE-2023-42793) that leads to Remote Code Execution (RCE) on TeamCity Server at a large scale. The affected products are JetBrains TeamCity before 2023.05.4. The Cybersecurity & Infrastructure Security Agency (CISA) has released MITRE ATT&CK Tactics & Techniques, detection methods, mitigations and IoCs to protect organisations.
Google has released Chrome Beta 121 (121.0.6167.18) for iOS, Dev channel OS version 15699.10.0, Browser version 121.0.6167.14 for most ChromeOS devices, Chrome Beta 121 (121.0.6167.18) for Android and Beta channel 121.0.6167.16 for Windows, Mac & Linux.
VMware has released security updates to address a privilege escalation vulnerability in VMware Workspace ONE Launcher. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-34064 (Medium)
A path traversal vulnerability has been discovered in Schneider Electric's Equipment- Easy UPS Online monitoring software. The affected versions are Schneider Electric Easy UPS Online monitoring software (Windows 10, 11, Windows Server 2016, 2019, 2022): 2.6-GA-01-23116 and prior. Mitigations are available.
CVE ID: CVE-2023-6407 (Medium)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in FortiOS, FortiPAM and FortiProxy. Security updates are available.
CVE ID: CVE-2023-41678 (High), CVE-2023-47536 (Low), CVE-2023-36639 (High)
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-35618 (Critical), CVE-2023-36019 (Critical)
Google has released Stable channel OS version: 15633.69.0 Browser version: 119.0.6045.212 for most ChromeOS devices, Chrome Stable 120 (120.0.6099.119) for iOS and Stable channel 120.0.6099.109 for Mac, Linux and Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-6702 (High), CVE-2023-6703 (High), CVE-2023-6704 (High), CVE-2023-6705 (High), CVE-2023-6706 (High), CVE-2023-6707 (High)
An OS Command Injection vulnerability has been discovered in DrayTek Vigor167. The affected version is DrayTek Vigor167 version 5.2.2.
CVE ID: CVE-2023-47254 (Critical)
Apple has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-42874, CVE-2023-42890, CVE-2023-42881, CVE-2023-42882, CVE-2023-42883, CVE-2023-42884, CVE-2023-42886, CVE-2023-42900, CVE-2023-42901, CVE-2023-42902, CVE-2023-42903, CVE-2023-42904, CVE-2023-42905, CVE-2023-42906, CVE-2023-42907, CVE-2023-42908, CVE-2023-42909, CVE-2023-42910, CVE-2023-42911, CVE-2023-42912, CVE-2023-42914, CVE-2023-42916, CVE-2023-42917, CVE-2023-42919, CVE-2023-42922, CVE-2023-42923, CVE-2023-42894, CVE-2023-42897, CVE-2023-45866, CVE-2023-42924, CVE-2023-42926, CVE-2023-42927, CVE-2023-42898, CVE-2023-42899
An improper input validation vulnerability has been discovered in Samsung Open Source Escargot. The affected versions are Samsung Open Source Escargot from 3.0.0 through 4.0.0.
CVE ID: CVE-2023-41268 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Apache Struts 2. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this vulnerability.
CVE ID: CVE-2023-50164 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.61) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-38174 (Medium), CVE-2023-35618 (Critical), CVE-2023-36880 (Medium)
Multiple vulnerabilities have been discovered in Mitsubishi Electric FA products that allow an attacker to disclose information in the affected products. The mitigation is available.
CVE ID: CVE-2022-21151 (Medium), CVE-2021-33149 (Low)
Google has released Beta channel 120.0.6099.80 (Platform version: 15662.35.0) for ChromeOS devices and Stable channel 120.0.6099.71 for Mac, Linux & Windows.
A deserialization vulnerability has been discovered in Jupiter that allows an attacker to execute arbitrary commands. The affected version is Jupiter v1.3.1.
CVE ID: CVE-2023-48887 (Critical)
A deserialization vulnerability has been discovered in NettyRpc that allows an attacker to execute arbitrary commands. The affected version is NettyRpc v1.2.
CVE ID: CVE-2023-48886 (Critical)
A command execution vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719.
CVE ID: CVE-2023-48801 (Critical)
A command injection vulnerability has been discovered in D-Link. The affected version is D-Link Go-RT-AC750 revA_v101b03.
CVE ID: CVE-2023-48842 (Critical)
A buffer overflow vulnerability has been discovered in KEPServerEX that may cause the product to crash or leak information when it is accessed.
CVE ID: CVE-2023-5908 (Critical)
Threat actors have exploited an improper access control vulnerability in Adobe ColdFusion that resulted in arbitrary code execution. The affected products are Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier). The Cybersecurity and Infrastructure Security Agency (CISA) has released mitigations to avoid exploitation.
CVE ID: CVE-2023-26360 (High)
An authentication bypass vulnerability has been discovered in Zebra Technologies' Equipment- ZTC Industrial ZT410, ZTC Desktop GK420d. All versions of ZTC Industrial ZT410 and ZTC Desktop GK420d are affected.
CVE ID: CVE-2023-4957 (Medium)
Cisco has released a security update to resolve a vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) due to improper validation of the packet's inner source IP address after decryption. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20275 (Medium)
A SQL injection vulnerability has been discovered in the My Calendar WordPress Plugin. The affected versions are My Calendar below 3.4.22.
CVE ID: CVE-2023-6360 (Critical)
A vulnerability has been discovered in the Jenkins MATLAB Plugin which can enable an XML External Entity (XXE) attack. The affected versions are Jenkins MATLAB Plugin 2.11.0 and earlier.
CVE ID: CVE-2023-49656 (Critical)
A missing permission check vulnerability has been discovered in the Jenkins MATLAB Plugin. The affected versions are Jenkins MATLAB Plugin 2.11.0 and earlier.
CVE ID: CVE-2023-49654 (Critical)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-12-05 or later address all of these issues.
CVE ID: CVE-2023-45866 (Critical), CVE-2023-40088 (Critical), CVE-2023-40077 (Critical), CVE-2023-40076 (Critical)
An OS command injection vulnerability has been discovered in NEC Platforms DT900 and DT900S Series. All versions of NEC Platforms DT900 and DT900S Series are affected.
CVE ID: CVE-2023-3741 (Critical)
A vulnerability has been discovered in NETGEAR ProSAFE Network Management System that allows arbitrary code execution via the Java Debug Wire Protocol (JDWP) listening on port 11611.
CVE ID: CVE-2023-49693 (Critical)
A dylib injection vulnerability has been discovered in XMachOViewer that allows attackers to compromise integrity. The affected version is XMachOViewer 0.04.
CVE ID: CVE-2023-49313 (Critical)
An arbitrary code execution vulnerability has been discovered in Anyscale Ray. The affected versions are Anyscale Ray 2.6.3 and 2.8.0.
CVE ID: CVE-2023-48022 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in Anyscale Ray. The affected versions are Anyscale Ray 2.6.3 and 2.8.0.
CVE ID: CVE-2023-48023 (Critical)
A command injection vulnerability has been discovered in Chamilo LMS. The affected versions are Chamilo LMS v1.11.20 and below.
CVE ID: CVE-2023-3368 (Critical)
An integer overflow vulnerability has been discovered in Skia in Google Chrome. The affected versions are Google Chrome prior to 119.0.6045.199.
CVE ID: CVE-2023-6345 (Critical)
An arbitrary code execution vulnerability has been discovered in jflyfox jfinalCMS. The affected version is jflyfox jfinalCMS v.5.1.0.
CVE ID: CVE-2023-47503 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in the WPB Show Core WordPress plugin. The affected versions are WPB Show Core through 2.2.
CVE ID: CVE-2023-5974 (Critical)
A malicious code execution vulnerability has been discovered in multiple Mitsubishi Electric FA engineering software products. All versions of GX Works3, MELSOFT iQ AppPortal, MELSOFT Navigator, and Motion Control Setting (*1) are affected.
CVE ID: CVE-2023-5247 (High)
The Cybersecurity & Infrastructure Security Agency (CISA) has released principles to be followed by software manufacturers in order to make a product "Secure by design" and protect it from ongoing malicious cyber activity against web management interfaces.
Microsoft has released Microsoft Edge Stable Channel (Version 119.0.2151.97) and Microsoft Edge Extended Stable Channel (Version 118.0.2088.122) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-6345
Google has released Chrome Beta 120 (120.0.6099.43) for Android, Beta channel 120.0.6099.56 for Windows, Mac & Linux, Stable channel 120.0.6099.56 for Windows & Mac, and Chrome Stable 120 (120.0.6099.50) for iOS.
A vulnerability has been discovered in the WSGI server of Zyxel firmware that allows an attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. The affected versions are Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0.
CVE ID: CVE-2023-4474 (Critical)
A command injection vulnerability has been discovered in the web server of Zyxel firmware. The affected versions are Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0.
CVE ID: CVE-2023-4473 (Critical)
A command injection vulnerability has been discovered in the "show_zysync_server_contents" function of Zyxel firmware. The affected versions are Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0.
CVE ID: CVE-2023-35138 (Critical)
An uncontrolled search path element vulnerability has been discovered in Pandora FMS. The affected versions are Pandora FMS: from 700 through 773.
CVE ID: CVE-2023-41790 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in the Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress. The affected versions are Drag and Drop Multiple File Upload - Contact Form 7 plugin versions up to, and including, 1.3.7.3.
CVE ID: CVE-2023-5822 (Critical)
An OS command injection vulnerability has been discovered in INEA ME RTU firmware. The affected versions are INEA ME RTU firmware 3.36b and prior.
CVE ID: CVE-2023-35762 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in the Royal Elementor Addons and Templates WordPress plugin. The affected versions are Royal Elementor Addons and Templates before 1.3.79.
CVE ID: CVE-2023-5360 (Critical)
A path traversal vulnerability has been discovered in Franklin Electric Fueling Systems' Equipment- Colibri that can allow an attacker to obtain login credentials for other users. All versions of FFS Colibri are affected.
CVE ID: CVE-2023-5885 (Medium)
Multiple vulnerabilities have been discovered in Delta Electronics' Equipment- InfraSuite Device Master that can allow an attacker to remotely execute arbitrary code and obtain plaintext credentials. The affected versions are InfraSuite Device Master: 1.0.7 and prior.
CVE ID: CVE-2023-46690 (High), CVE-2023-47207 (Critical), CVE-2023-39226 (Critical), CVE-2023-47279 (High)
An OS command injection vulnerability has been discovered in SmartNode SN200. The affected version is SmartNode SN200 3.21.2-23021.
CVE ID: CVE-2023-41109 (Critical)
The Cybersecurity & Infrastructure Security Agency (CISA) has released guidelines for providers of any systems that use Artificial Intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. The guidelines are broken down into four key areas within the AI system development life cycle: secure design, secure development, secure deployment and secure operation & maintenance. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.
A buffer overflow vulnerability has been discovered in SerialiseValue of RenderDoc. The affected versions are RenderDoc before 1.27.
CVE ID: CVE-2023-33863 (Critical)
A buffer overflow vulnerability has been discovered in ReadyMedia. The affected versions are ReadyMedia from 1.1.15 up to 1.3.2.
CVE ID: CVE-2023-33476 (Critical)
An unauthorized password reset vulnerability has been discovered in the AppPresser plugin for WordPress. The affected versions are AppPresser plugin versions up to, and including, 4.2.5.
CVE ID: CVE-2023-4214 (Critical)
A vulnerability has been discovered in the captive portal of OpenNDS. The affected versions are OpenNDS before version 10.1.3.
CVE ID: CVE-2023-41101 (Critical)
A SQL Injection vulnerability has been discovered in Veribilim Software Computer Veribase. The affected versions are Veribase through 20231123.
CVE ID: CVE-2023-3377 (Critical)
An OS command injection vulnerability has been discovered in OpenNDS Captive Portal. The affected versions are OpenNDS Captive Portal before version 10.1.2.
CVE ID: CVE-2023-38316 (Critical)
A vulnerability has been discovered in EPMM that enables unauthorized access and potential misuse of user accounts and resources. The affected versions are EPMM 11.10, 11.9, 11.8 and older.
CVE ID: CVE-2023-39335 (Critical)
Foxit has released updated Foxit PDF Reader 2023.3, Foxit PDF Editor 2023.3, Foxit PDF Editor for Mac 2023.3, and Foxit PDF Reader for Mac 2023.3 to resolve multiple vulnerabilities.
A vulnerability has been discovered in Concrete CMS that allows unauthorized access because directories can be created with insecure permissions. The affected versions are Concrete CMS before 8.5.13 and 9.x before 9.2.2.
CVE ID: CVE-2023-48648 (Critical)
An elevation of privilege vulnerability has been discovered in .NET, .NET Framework, and Visual Studio. Security updates are available.
CVE ID: CVE-2023-36049 (Critical)
LockBit 3.0 ransomware is exploiting a sensitive information disclosure vulnerability (CVE-2023-4966), labeled Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. Citrix Bleed, known to be leveraged by LockBit 3.0 affiliates, allows threat actors to bypass password requirements & Multi Factor Authentication (MFA), which leads to successful hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances. CISA has released a joint cybersecurity advisory to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware.
A vulnerability has been discovered in WAGO's Equipment- PFC200 Series that allows a user with administrative privileges to access sensitive files in an unintended, undocumented way.
CVE ID: CVE-2023-4089 (Low)
Multiple vulnerabilities such as stack based buffer overflow, out of bounds write, and improper access control have been discovered in Fuji Electric's Equipment- Tellus Lite V-Simulator. The affected versions are Tellus Lite V-Simulator prior to V4.0.19.0. Security updates are available.
CVE ID: CVE-2023-35127 (High), CVE-2023-40152 (High), CVE-2023-5299 (High)
Unprotected alternate channel and OS command injection vulnerabilities have been discovered in Rockwell Automation's Equipment- Stratix 5800 and Stratix 5200. All versions of Stratix 5800 and Stratix 5200 are affected. The mitigation is available.
CVE ID: CVE-2023-20198 (Critical), CVE-2023-20273 (High)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 115.5, Firefox for iOS 120, Firefox 115.5, and Firefox 120. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-6204 (High), CVE-2023-6205 (High), CVE-2023-6206 (High), CVE-2023-6207 (High), CVE-2023-6208 (Medium), CVE-2023-6209 (Medium), CVE-2023-6210 (Low), CVE-2023-6211 (Low), CVE-2023-6212 (High), CVE-2023-6213 (High), CVE-2023-49060 (High), CVE-2023-49061 (Medium)
An out-of-bounds write vulnerability has been discovered in Zyxel Windows-based SecuExtender SSL VPN Client software. The affected products are Zyxel SecuExtender SSL VPN Client V4.0.4.0 (for Windows). Zyxel has released security patches to address this vulnerability.
CVE ID: CVE-2023-5593
A spoofing vulnerability has been discovered in the Jupyter Extension for Visual Studio Code. Security updates are available.
CVE ID: CVE-2023-36018 (Critical)
A path traversal vulnerability has been discovered in Samba that can result in SMB clients connecting as root to Unix domain sockets outside the private directory. The affected products are all Samba versions, starting with 4.16.0. Security updates are available.
CVE ID: CVE-2023-3961 (Critical)
Multiple Denial-of-service (DoS) vulnerabilities due to improper input validation have been discovered in the simulation function of Mitsubishi Electric's GX Works2. All versions of GX Works2 are affected.
CVE ID: CVE-2023-5274 (Low), CVE-2023-5275 (Low)
A vulnerability has been discovered in RedisGraph that allows an attacker to execute arbitrary code and can cause a Denial of Service (DoS) via a crafted string. The affected version is RedisGraph v.2.12.10.
CVE ID: CVE-2023-47003 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Yii. The affected versions are yiisoft/yii before version 1.1.29.
CVE ID: CVE-2023-47130 (Critical)
A permissive cross-domain policy with untrusted domain vulnerability has been discovered in Fortinet products. The affected versions are Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1.
CVE ID: CVE-2023-25603 (Critical)
An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2.
CVE ID: CVE-2023-36553 (Critical)
A SQL injection vulnerability has been discovered in Fortinet FortiWLM. The affected versions are Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2.
CVE ID: CVE-2023-34991 (Critical)
A code injection vulnerability has been discovered in a GitHub repository. The affected versions are GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE ID: CVE-2023-6126 (Critical)
A Structured Exception Handler (SEH) based buffer overflow vulnerability has been discovered in COMOS. All versions of COMOS below V10.4.4 are affected.
CVE ID: CVE-2023-43504 (Critical)
An incorrect access control vulnerability has been discovered in the SecPro product EMSigner that allows access to the accounts of all registered users, including those with administrator privileges, via a crafted password reset token. The affected version is EMSigner v2.8.7.
CVE ID: CVE-2023-43902 (Critical)
An arbitrary code execution vulnerability has been discovered in Langchain. The affected version is Langchain v.0.0.171.
CVE ID: CVE-2023-36281 (Critical)
An integer underflow and out-of-bounds vulnerability has been discovered in fs/smb/server/smb2pdu.c in ksmbd in the Linux kernel before 6.3.8.
CVE ID: CVE-2023-38427 (Critical)
An arbitrary code execution vulnerability has been discovered in Langchain. The affected version is Langchain v.0.0.171.
CVE ID: CVE-2023-34540 (Critical)
Trellix has released security updates to address Cross-Site Request Forgery (CSRF) and URL redirection to untrusted site vulnerabilities in ePolicy Orchestrator "On-Premises". The affected versions are ePolicy Orchestrator "On-Premises" prior to 5.10.0 SP1 UP2.
CVE ID: CVE-2023-5444 (High), CVE-2023-5445 (Medium)
An improper access control vulnerability has been discovered in ASUSTeK COMPUTER RT-AC87U. All versions of RT-AC87U are affected.
CVE ID: CVE-2023-47678 (Medium)
Multiple vulnerabilities have been discovered in Citrix Hypervisor 8.2 CU1 LTSR and Intel. Citrix has released security updates to address these vulnerabilities.
CVE ID: CVE-2023-23583 (High), CVE-2023-46835 (High)
Rhysida ransomware is leveraging external-facing remote services such as VPN, by authenticating to internal VPN access points with compromised valid credentials for initial access. The adversary has exploited vulnerabilities for lateral movement & for persistence within a network. Rhysida ransomware shows similarities with Vice Society ransomware aka DEV-0832.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20265 (Medium), CVE-2023-20084 (Medium), CVE-2023-20208 (Medium), CVE-2023-20272 (Medium), CVE-2023-20274 (Medium), CVE-2023-20240 (Medium), CVE-2023-20241 (Medium)
Drupal has released security updates to address a faulty payment confirmation logic vulnerability in Mollie for Drupal, a third-party library used by it.
A vulnerability has been discovered in ASUS RT-AX57 that allows an attacker to execute arbitrary code via a crafted request. The affected version is ASUS RT-AX57 v.3.0.0.4_386_52041.
CVE ID: CVE-2023-47008 (Critical)
A vulnerability has been discovered in ASUS RT-AX57 that allows an attacker to execute arbitrary code via a crafted request. The affected version is ASUS RT-AX57 v.3.0.0.4_386_52041.
CVE ID: CVE-2023-47007 (Critical)
A vulnerability has been discovered in ASUS RT-AX57 that allows an attacker to execute arbitrary code via a crafted request. The affected version is ASUS RT-AX57 v.3.0.0.4_386_52041.
CVE ID: CVE-2023-47006 (Critical)
A vulnerability has been discovered in ASUS RT-AX57 that allows an attacker to execute arbitrary code via a crafted request. The affected version is ASUS RT-AX57 v.3.0.0.4_386_52041.
CVE ID: CVE-2023-47005 (Critical)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-40309 (Critical), CVE-2023-31403 (Critical), CVE-2023-42477 (Medium), CVE-2023-41366 (Medium), CVE-2023-42480 (Medium)
Foxit has released updated Foxit PDF Editor 13.0.1 to resolve multiple vulnerabilities in Foxit PDF Editor 13.0.0.21632, 12.1.3.15356 & all previous 12.x versions, 11.2.7.53812 & all previous 11.x versions, 10.1.12.37872 and earlier.
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-36028 (Critical), CVE-2023-36397 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-44350 (Critical), CVE-2023-44351 (Critical), CVE-2023-44324 (Critical)
Multiple vulnerabilities have been discovered in FortiOS and FortiProxy. Security updates are available.
CVE ID: CVE-2023-36641 (Medium), CVE-2023-28002 (Medium), CVE-2023-38545 (High)
VMware has released security updates to address an authentication bypass vulnerability in VMware Cloud Director Appliance (VCD Appliance). An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-34060 (Critical)
Google has released Chrome 119 (119.0.6045.163) for Android, Extended Stable channel 118.0.5993.144 for Windows & Mac, Chrome Stable 119 (119.0.6045.169) for iOS, Stable channel 119.0.6045.159 for Mac & Linux & 119.0.6045.159/.160 for Windows and Stable channel OS version: 15633.44.0 Browser version: 119.0.6045.158 for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-21216 (Medium), CVE-2023-5996 (High), CVE-2023-35685 (High), CVE-2023-4244 (Medium), CVE-2023-5197 (Medium), CVE-2023-40113 (Critical), CVE-2023-40109 (High), CVE-2023-40114 (High), CVE-2023-40110 (High), CVE-2023-40112 (High), CVE-2023-40118 (Medium), CVE-2023-5997 (High), CVE-2023-6112 (High)
A Remote Code Execution (RCE) vulnerability discovered in Apache ActiveMQ affects multiple Hitachi products. The affected products are Ellipse Pre 9.0.41, Asset Suite 9.6.3.x and 9.6.4, and Asset Suite 9.6.3.x and 9.6.4. Mitigations are available.
CVE ID: CVE-2023-46604 (Critical)
A path traversal vulnerability has been discovered in SysAid On-Premise. The affected versions are SysAid On-Premise before 23.3.36.
CVE ID: CVE-2023-47246 (Critical)
A vulnerability has been discovered in BoltWire that allows to obtain sensitive information
via
a crafted payload to the view and change admin password function. The affected version is
BoltWire v.6.03.
CVE ID: CVE-2023-46501 (Critical)
A heap based buffer overflow vulnerability has been discovered in Videolan VLC. The affected
versions are Videolan VLC prior to version 3.0.20.
CVE ID: CVE-2023-47359 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in the Java OpenWire protocol marshaller. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3.
CVE ID: CVE-2023-46604 (Critical)
A vulnerability has been discovered in lmxcms that allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. The affected version is lmxcms v.1.41.
CVE ID: CVE-2023-46958 (Critical)
A vulnerability has been discovered in Dromara Lamp-Cloud. The affected versions are Dromara Lamp-Cloud before v3.8.1.
CVE ID: CVE-2023-31579 (Critical)
A vulnerability has been discovered in Franklin Fueling System TS-550 that allows attackers to decode admin credentials. The affected versions are Franklin Fueling System TS-550 versions prior to 1.9.23.8960.
CVE ID: CVE-2023-5846 (Critical)
A stack buffer overflow vulnerability has been discovered in AsfSecureBootDxe of Insyde
InsydeH2O. The affected versions are Insyde InsydeH2O with kernel 5.0 through 5.5.
CVE ID: CVE-2023-39281 (Critical)
An Insufficient Session Expiration vulnerability has been discovered in GitHub repository. The affected versions are GitHub repository thorsten/phpmyfaq prior to 3.2.2.
CVE ID: CVE-2023-5865 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 119.0.2151.58) and Extended Stable Channel (Version 118.0.2088.102) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-36014 (High), CVE-2023-36024 (High)
Multiple vulnerabilities have been discovered in Hitachi Energy's equipment, eSOMS. The affected versions are Hitachi Energy eSOMS v6.3.13 and prior.
CVE ID: CVE-2023-5514 (Medium), CVE-2023-5515 (Medium), CVE-2023-5516 (Medium)
Google has released Dev channel 121.0.6115.2 for Windows, Mac and Linux, Chrome Beta 120
(120.0.6099.19) for Android, and Chrome Beta 120 (120.0.6099.16) for iOS.
Palo Alto Networks has released security updates to resolve a local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system. The affected version is Cortex XSOAR 6.10.
CVE ID: CVE-2023-3282 (Medium)
A Remote Code Execution vulnerability has been discovered in Remote Desktop Manager. The affected versions are Remote Desktop Manager 2023.2.33 and earlier on Windows.
CVE ID: CVE-2023-5766 (Critical)
An improper access control vulnerability has been discovered in the password analyzer feature of Devolutions Remote Desktop Manager. The affected versions are Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows.
CVE ID: CVE-2023-5765 (Critical)
An arbitrary code execution vulnerability has been discovered in franfinance. The affected versions are franfinance before v.2.0.27.
CVE ID: CVE-2023-43139 (Critical)
An Improper Input Validation vulnerability has been discovered in GitHub repository. The affected version is GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
CVE ID: CVE-2023-5832 (Critical)
An Insufficient Session Expiration vulnerability has been discovered in GitHub repository. The affected version is GitHub repository linkstackorg/linkstack prior to v4.2.9.
CVE ID: CVE-2023-5838 (Critical)
Drupal has released security updates to resolve Cross Site Request Forgery and access bypass vulnerabilities in GraphQL, a third-party library used in it.
Foxit has released updated Foxit PDF Editor for Mac 13.0.1 to resolve multiple vulnerabilities in Foxit PDF Editor for Mac 13.0.0.61829, 12.1.1.55342 and all previous 12.x versions, and 11.1.5.0913 and earlier.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-11-05 or later address all of these issues.
An arbitrary code execution vulnerability has been discovered in the EC-CUBE 3 series and 4 series. The affected versions are EC-CUBE 4 series: EC-CUBE 4.0.0 to 4.0.6-p3, EC-CUBE 4.1.0 to 4.1.2-p2, EC-CUBE 4.2.0 to 4.2.2; and EC-CUBE 3 series: EC-CUBE 3.0.0 to 3.0.18-p6.
CVE ID: CVE-2023-46845 (High)
Google has released Beta channel OS version 15633.37.0 Browser version 119.0.6045.116 for most ChromeOS devices, Extended Stable channel 118.0.5993.136 for Windows & Mac, Stable channel 119.0.6045.123 for Mac and Linux & 119.0.6045.123/.124 for Windows, and LTS channel 114.0.5735.339 (Platform Version 15437.76.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-5472 (High), CVE-2023-5481 (Medium), CVE-2023-5474 (Medium),
CVE-2023-35688 (High), CVE-2023-21401 (High), CVE-2023-21263 (High), CVE-2023-38545 (High),
CVE-2023-5996 (High)
An uncontrolled search path element vulnerability has been discovered in General Electric's equipment, MiCOM S1 Agile, that allows attackers to upload malicious files and achieve code execution. All versions of General Electric MiCOM S1 Agile are affected.
CVE ID: CVE-2023-0898 (Medium)
A command injection vulnerability has been discovered in TOTOLINK X6000R. The affected version is TOTOLINK X6000R V9.4.0cu.852_B20230719.
CVE ID: CVE-2023-46979 (Critical)
A stack overflow vulnerability has been discovered in TOTOLINK LR1200GB. The affected version is TOTOLINK LR1200GB V9.1.0u.6619_B20230130.
CVE ID: CVE-2023-46977 (Critical)
An improper input validation vulnerability has been discovered in the Apache Software Foundation's Apache Traffic Server. The affected versions are Apache Traffic Server through 9.2.1.
CVE ID: CVE-2023-33934 (Critical)
A buffer overflow vulnerability has been discovered in D-Link devices that can allow execution of arbitrary code. The affected versions are D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before.
CVE ID: CVE-2023-45580 (Critical)
A buffer overflow vulnerability has been discovered in DreamSecurity MagicLine4NX that allows an attacker to remotely execute code. The affected versions are DreamSecurity MagicLine4NX 1.0.0.1 to 1.0.0.26.
CVE ID: CVE-2023-45797 (Critical)
A buffer overflow vulnerability has been discovered in D-Link devices that can allow execution of arbitrary code. The affected versions are D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before.
CVE ID: CVE-2023-45573 (Critical)
A SQL injection vulnerability has been discovered in the WP Job Portal WordPress plugin. The
affected versions are WP Job Portal WordPress plugin before 2.0.6.
CVE ID: CVE-2023-4490 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 119.0.2151.44) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-36022 (Medium), CVE-2023-36029 (Medium), CVE-2023-36034 (Medium)
An improper neutralization of null byte or NUL character vulnerability has been discovered in Red Lion's equipment, FlexEdge Gateway, DA50A and DA70A running Crimson. The affected versions are Red Lion Crimson v3.2.0053.18 or prior.
CVE ID: CVE-2023-5719 (High)
Multiple vulnerabilities have been discovered in Moxa's PT-G503 Series. The affected versions are PT-G503 Series firmware version v5.2 and prior.
CVE ID: CVE-2005-4900 (Medium), CVE-2015-9251 (Medium), CVE-2019-11358 (Medium), CVE-2020-11022 (Medium), CVE-2020-11023 (Medium), CVE-2023-4217 (Low), CVE-2023-5035 (Low)
Multiple vulnerabilities have been discovered in several Cisco products. Security updates are available.
CVE ID: CVE-2023-44487 (High), CVE-2023-20086 (High), CVE-2023-20095 (High), CVE-2023-20228 (Medium)
A Denial of Service (DoS) vulnerability due to insufficient verification of data authenticity has been discovered in the MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules.
CVE ID: CVE-2023-4699 (Critical)
A Denial of Service (DoS) vulnerability has been discovered due to improper restriction of excessive authentication attempts in the Web server function of the MELSEC iQ-F Series CPU module.
CVE ID: CVE-2023-4625
A critical vulnerability has been discovered in the web services interface of Cisco Firepower Management Center (FMC) Software. This vulnerability could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software.
CVE ID: CVE-2023-20048 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Chrome Beta 120 (120.0.6099.4) for Android, Chrome Beta channel 120.0.6099.5 for Windows, Mac & Linux, Beta channel OS version 15633.30.0 Browser version 119.0.6045.104 for most ChromeOS devices, and Extended Stable channel 118.0.5993.129 for Windows & Mac.
Multiple vulnerabilities have been discovered in Zavio IP Camera. Successful exploitation of these vulnerabilities could allow Remote Code Execution (RCE).
CVE ID: CVE-2023-3959 (Critical), CVE-2023-45225 (Critical), CVE-2023-43755 (Critical), CVE-2023-39435 (High), CVE-2023-4249 (High)
Multiple vulnerabilities have been discovered in INEA's ME RTU equipment that can cause Remote Code Execution (RCE). The affected versions are ME RTU 3.36b and prior.
CVE ID: CVE-2023-35762 (Critical), CVE-2023-29155 (Critical)
Dell has released security updates for the Dell SupportAssist for Home PCs and Dell SupportAssist for Business PCs user interface component. Successful exploitation may allow an attacker to compromise the affected system.
CVE ID: CVE-2023-44283 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-24998 (High), CVE-2016-0321 (Medium), CVE-2023-26049 (Medium),
CVE-2023-26048 (Medium)
Dell has released security updates for Dell Avamar, Dell NetWorker Virtual Edition (NVE) and
Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) to
resolve multiple vulnerabilities.
Dell has released security updates for Dell Connectrix (Brocade) to address multiple vulnerabilities. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Stable channel 118.0.5993.123/124 (Platform version: 15604.56/57.0) for most ChromeOS devices and Chrome Beta 119 (119.0.6045.66) for Android.
Debian has released a security update to resolve a vulnerability in the OpenJDK Java runtime
which may result in Denial of Service (DoS).
CVE ID: CVE-2023-22081
Debian has released a security update to resolve a vulnerability in node-browserify-sign. Successful exploitation of this vulnerability may lead to a signature forgery attack.
CVE ID: CVE-2023-46234
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility. This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
CVE ID: CVE-2023-46748 (High)
An unauthenticated Remote Code Execution (RCE) vulnerability has been discovered in BIG-IP
Configuration Utility. This vulnerability may allow an unauthenticated attacker with network
access to the BIG-IP system through the management port and/or self IP addresses to execute
arbitrary system commands.
CVE ID: CVE-2023-46747 (Critical)
Dell has released security updates to address multiple security vulnerabilities in several products. These vulnerabilities could be exploited by malicious users to compromise the affected system.
A local privilege escalation vulnerability has been discovered in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions. Security updates are available.
CVE ID: CVE-2023-44219
A DLL search order hijacking vulnerability has been discovered in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.336 and earlier versions. Successful exploitation may result in command execution on the target system. Security updates are available.
CVE ID: CVE-2023-44220
Apple has released security updates to address multiple vulnerabilities in iOS and iPadOS versions 17.1, 16.7.2 and 15.8, macOS Sonoma 14.1, macOS Ventura 13.6.1, macOS Monterey 12.7.1, tvOS 17.1, watchOS 10.1 and Safari 17.1.
A critical vulnerability has been discovered in IBM CloudPak for Watson AIOps version 4.2.1. This vulnerability could be exploited by a remote attacker to gain elevated privileges on the system.
CVE ID: CVE-2023-41419 (Critical)
Google has released Chrome 119 (119.0.6045.53) for Android, Chrome Beta 119 (119.0.6045.53) for Android, Beta channel OS version 15633.23.0 Browser version 119.0.6045.38 for most ChromeOS devices, Chrome Beta 119 (119.0.6045.40) for iOS and Chrome Stable 119 (119.0.6045.41) for iOS.
An out-of-bounds write vulnerability (CVE-2023-34048) and a partial information disclosure vulnerability (CVE-2023-34056) have been discovered in vCenter Server. Updates are available to remediate these vulnerabilities in affected VMware products.
CVE ID: CVE-2023-34048 (Critical), CVE-2023-34056 (Critical)
A vulnerability has been discovered in the processing of key and initialisation vector (IV)
lengths. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
CVE ID: CVE-2023-5363
Multiple NetApp products incorporate Undertow. Undertow versions prior to 2.2.24 and 2.3.0 prior to 2.3.5 are susceptible to a vulnerability which, when successfully exploited, could lead to Denial of Service (DoS).
CVE ID: CVE-2023-1108 (High)
Unprotected Alternate Channel vulnerability has been discovered in Rockwell Automation's
Equipment: Stratix 5800 and Stratix 5200. All versions are affected.
CVE ID: CVE-2023-20198 (Critical)
Mozilla has released a security update for Firefox which addresses multiple vulnerabilities. The updated version is Firefox 119.
CVE ID: CVE-2023-5721, CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730, CVE-2023-5731
Mozilla has released a security update for Thunderbird which addresses multiple vulnerabilities. The fixed version is Thunderbird 115.4.1.
CVE ID: CVE-2023-5732, CVE-2023-5730, CVE-2023-5728, CVE-2023-5727, CVE-2023-5726, CVE-2023-5725, CVE-2023-5724, CVE-2023-5721
Dell has released security updates to address multiple security vulnerabilities in Dell Unity, Unity VSA and Unity XT. These vulnerabilities could be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2023-43074, CVE-2023-43065, CVE-2023-43066, CVE-2023-43067
An OS command injection vulnerability has been discovered in web2py. The affected versions are web2py 2.24.1 and earlier.
CVE ID: CVE-2023-45158 (Critical)
A SQL injection vulnerability has been discovered in the WP Job Portal WordPress plugin. The affected versions are WP Job Portal WordPress plugin before 2.0.6.
CVE ID: CVE-2023-4490 (Critical)
An Authentication Bypass by Spoofing vulnerability has been discovered in Neutron Smart VMS. The affected versions are Neutron Smart VMS before b1130.1.0.1.
CVE ID: CVE-2023-4178 (Critical)
A vulnerability has been discovered in Splunk Enterprise that allows an attacker to execute a specially crafted query that they can then use to serialize untrusted data. The affected versions are Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1.
CVE ID: CVE-2023-40595 (Critical)
A local file inclusion vulnerability has been discovered in Raffle Draw System. The affected
version is Raffle Draw System v1.0.
CVE ID: CVE-2023-24202 (Critical)
Multiple denial of service vulnerabilities have been discovered in the Winstone-Jetty bundled with Jenkins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-36478 (High), CVE-2023-44487 (High)
The Phishing Prevention Guidance was created by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to outline phishing techniques malicious actors commonly use and to provide guidance for both network defenders and software manufacturers.
An Improper Input Validation vulnerability has been discovered in Rockwell Automation's equipment, FactoryTalk Linx. The affected versions are FactoryTalk Linx v6.20 and prior.
CVE ID: CVE-2023-29464 (High)
Oracle has released its critical patch update for October 2023 to address 387 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-34034 (Critical), CVE-2023-38408 (Critical), CVE-2022-42920 (Critical), CVE-2022-36944 (Critical), CVE-2021-41945 (Critical), CVE-2023-23914 (Critical), CVE-2023-22946 (Critical), CVE-2022-1471 (Critical), CVE-2023-20873 (Critical), CVE-2023-39022 (Critical), CVE-2023-22072 (Critical), CVE-2023-22069 (Critical), CVE-2023-22089 (Critical), CVE-2022-26612 (Critical), CVE-2022-33980 (Critical), CVE-2023-25690 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in GitHub repository. The affected version is GitHub repository vriteio/vrite prior to 0.3.0.
CVE ID: CVE-2023-5572 (Critical)
A SQL Injection vulnerability has been discovered in Biltay Technology Procost. The affected versions are Biltay Technology Procost before 1390.
CVE ID: CVE-2023-5046 (Critical)
A vulnerability has been discovered in Thecosy IceCMS that allows a remote attacker to gain
privileges via the Id and key parameters in getCosSetting. The affected version is Thecosy
IceCMS v.1.0.0.
CVE ID: CVE-2023-40833 (Critical)
Google has released Chrome 118 (118.0.5993.80) for Android, Beta channel OS version 15633.13.0 Browser version 119.0.6045.23 for most ChromeOS devices, Stable channel 118.0.5993.88 for Mac and Linux and 118.0.5993.88/.89 for Windows, and Chrome Stable 118 (118.0.5993.92) for iOS.
A vulnerability has been discovered in the web UI feature of Cisco IOS XE Software that allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
CVE ID: CVE-2023-20198 (Critical)
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL injection and command line execution through SQL injection. This issue affects Procost before 1390.
CVE ID: CVE-2023-5046 (Critical)
An Improper Authentication vulnerability has been discovered in Mitsubishi Electric's MELSEC-F series that allows information disclosure, information tampering and authentication bypass. All versions of the MELSEC-F series are affected.
CVE ID: CVE-2023-4562 (Critical)
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL injection and command line execution through SQL injection. This issue affects Kayisi before 1286.
CVE ID: CVE-2023-5045 (Critical)
Dell has released security updates to address multiple security vulnerabilities in VxRail. These vulnerabilities could be exploited by malicious users to compromise the affected system.
An undefined permissions vulnerability has been discovered in the MeeTime module. Successful exploitation of this vulnerability will affect availability and confidentiality in the affected product.
CVE ID: CVE-2023-44118 (Critical)
Vulnerability of access permissions not being strictly verified in the APPWidget module.
Successful exploitation of this vulnerability may cause some apps to run without being
authorized.
CVE ID: CVE-2023-44116 (Critical)
Vulnerability of defects introduced in the design process in the screen projection module.
Successful exploitation of this vulnerability may affect service availability and integrity.
CVE ID: CVE-2023-44107 (Critical)
Vulnerability of permissions not being strictly verified in the window management module.
Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE ID: CVE-2023-44105 (Critical)
A SQL injection vulnerability has been discovered in Prixan prixanconnect. The affected versions are Prixan prixanconnect up to v1.62.
CVE ID: CVE-2023-40920 (Critical)
Google has released Dev channel OS version 15633.10.0 Browser version 119.0.6045.16 for most ChromeOS devices, Chrome Beta 119 (119.0.6045.17) for Android, and Chrome Beta 119 (119.0.6045.18) for iOS.
A denial-of-service (DoS) vulnerability known as Rapid Reset has been discovered in the HTTP/2 protocol, because request cancellation can reset many streams quickly. It was exploited in the wild in August through October 2023.
CVE ID: CVE-2023-44487
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS).
Google has released Chrome 118 (118.0.5993.65) for Android, Chrome Stable 118 (118.0.5993.69) for iOS, Stable channel 118.0.5993.70 for Mac and Linux and 118.0.5993.70/.71 for Windows, and Extended Stable channel 118.0.5993.71 for Windows and 118.0.5993.70 for Mac.
CVE ID: CVE-2023-5218 (Critical), CVE-2023-5487 (Medium), CVE-2023-5484 (Medium), CVE-2023-5475 (Medium), CVE-2023-5483 (Medium), CVE-2023-5481 (Medium), CVE-2023-5476 (Medium), CVE-2023-5474 (Medium), CVE-2023-5479 (Medium), CVE-2023-5485 (Low), CVE-2023-5478 (Low), CVE-2023-5477 (Low), CVE-2023-5486 (Low), CVE-2023-5473 (Low)
Multiple vulnerabilities have been discovered in FortiOS and FortiProxy. Security updates are available.
CVE ID: CVE-2023-41675 (Medium), CVE-2023-36555 (Low), CVE-2023-41841 (High), CVE-2023-37935 (Medium), CVE-2023-33301 (Medium)
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-35349 (Critical), CVE-2023-36434 (Critical)
A directory traversal vulnerability has been discovered in BIG-IP Configuration Utility that allows an authenticated attacker to execute commands on the BIG-IP system.
CVE ID: CVE-2023-41373 (Critical)
A vulnerability has been discovered in Simcenter Amesim that allows an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. The affected versions are Simcenter Amesim below V2021.1.
CVE ID: CVE-2023-43625 (Critical)
A stack overflow vulnerability has been discovered in the cancelPing function of D-Link DIR-820L. The affected version is D-Link DIR-820L 1.05B03.
CVE ID: CVE-2023-44807 (Critical)
A stack overflow vulnerability has been discovered in IBM Robotic Process Automation. The affected version is IBM Robotic Process Automation 23.0.9.
CVE ID: CVE-2023-43058 (Critical)
An OS Command Injection vulnerability has been discovered in GitHub repository. The affected versions are GitHub repository sbs20/scanservjs prior to v2.27.0.
CVE ID: CVE-2023-2564 (Critical)
A Code Injection vulnerability has been discovered in GitHub repository. The affected versions are GitHub repository builderio/qwik prior to 0.21.0.
CVE ID: CVE-2023-1283 (Critical)
Multiple vulnerabilities have been discovered in Citrix Hypervisor, NetScaler ADC and NetScaler Gateway. Security updates are available for Citrix Hypervisor.
CVE ID: CVE-2022-1304 (High), CVE-2023-20588 (High), CVE-2023-34324 (High), CVE-2023-34326 (High), CVE-2023-34327 (High), CVE-2023-4966 (Critical), CVE-2023-4967 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-43625 (Critical), CVE-2023-22779 (Critical), CVE-2023-22780 (Critical), CVE-2023-22781 (Critical), CVE-2023-22782 (Critical), CVE-2023-22783 (Critical), CVE-2023-22784 (Critical), CVE-2023-22785 (Critical), CVE-2023-22786 (Critical), CVE-2023-3935 (Critical), CVE-2023-36380 (Critical)
Schneider Electric has released security updates to address multiple vulnerabilities in SpaceLogic C-Bus Toolkit products and EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation products.
CVE ID: CVE-2023-5391 (Critical), CVE-2023-5402 (Critical), CVE-2023-5399 (Critical)
Google has released Chrome Beta 119 (119.0.6045.11) for Android, Dev channel OS version 15633.6.0 Browser version 119.0.6045.10 for most ChromeOS devices, and Dev channel 120.0.6051.2 for Windows, Mac and Linux.
A vulnerability has been discovered in Atos Unify OpenScape Session Border Controller that allows execution of administrative scripts by unauthenticated users. The affected versions are Atos Unify OpenScape Session Border Controller through V10 R3.01.03.
CVE ID: CVE-2023-36619 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Easy Chat Server. The affected version is Easy Chat Server 3.1.
CVE ID: CVE-2023-4494 (Critical)
Information disclosure and Denial-of-Service (DoS) vulnerabilities due to OpenSSL vulnerabilities have been discovered in Mitsubishi Electric's equipment, CC-Link IE TSN Industrial Managed Switch. All versions of NZ2MHG-TSNT8F2 and NZ2MHG-TSNT4 are affected.
CVE ID: CVE-2022-4304 (Medium), CVE-2022-4450 (Medium)
CISA and NSA have released new guidance on Identity and Access Management that aims to address risks that threaten critical infrastructure and national security systems.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-1572 (High), CVE-2023-20259 (High), CVE-2023-20235 (Medium)
Apple has released security updates to address multiple vulnerabilities in iOS 17.0.3 and iPadOS 17.0.3. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-42824, CVE-2023-5217
Google has released Chrome 118 (118.0.5993.48) for Android, Beta channel 118.0.5993.54 for Windows, Mac and Linux, Stable channel 118.0.5993.54 for Windows and Mac, and Chrome Beta 118 (118.0.5993.48) for Android.
An OS command injection vulnerability has been discovered in DTS Monitoring. The affected version is DTS Monitoring 3.57.0.
CVE ID: CVE-2023-33273 (Critical)
An OS command injection vulnerability has been discovered in GitHub repository. The affected versions are GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE ID: CVE-2023-5350 (Critical)
An arbitrary code execution vulnerability has been discovered in mojoPortal. The affected version is mojoPortal v.2.7.0.0.
CVE ID: CVE-2023-44011 (Critical)
Cisco has released security updates to address a static credentials vulnerability in Cisco Emergency Responder. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20101 (Critical)
An improper validation of integrity check vulnerability has been discovered in Moxa NPort 5000 Series Firmware. This vulnerability can allow an unauthorized attacker to gain control of a device.
CVE ID: CVE-2023-4929 (Medium)
Google has released Chrome 117 (117.0.5938.153) for Android, and Stable channel 117.0.5938.149 for Mac and Linux and 117.0.5938.149/.150 for Windows.
CVE ID: CVE-2023-5346 (High)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-10-06 or later address all of these issues.
Microsoft has released Microsoft Edge Stable (Version 117.0.2045.47) and Extended Stable Channel (Version 116.0.1938.98) to resolve a vulnerability.
CVE ID: CVE-2023-5217
Mozilla has released a security update to address a heap buffer overflow vulnerability in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1, and Firefox for Android 118.1. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-5217 (Critical)
Google has released Chrome Beta 118 (118.0.5993.32) for Android, Chrome Beta 118 (118.0.5993.29) for iOS, Extended Stable channel 116.0.5845.228 for Windows and Mac, and Beta channel 118.0.5993.32 for Windows, Mac and Linux.
CVE ID: CVE-2023-20252 (Critical), CVE-2023-20253 (High), CVE-2023-20034 (High),
CVE-2023-20254 (High), CVE-2023-20262 (Medium)
WS_FTP has released security updates to address multiple vulnerabilities in the WS_FTP Server Ad hoc Transfer Module and WS_FTP Server manager interface. All versions of WS_FTP Server are affected.
CVE ID: CVE-2023-40044 (Critical), CVE-2023-42657 (Critical), CVE-2023-40045 (High), CVE-2023-40046 (High), CVE-2023-40047 (High), CVE-2023-40048 (Medium), CVE-2022-27665 (Medium), CVE-2023-40049 (Medium)
Cisco has released security updates to address multiple vulnerabilities in Cisco Catalyst SD-WAN Manager. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20252 (Critical), CVE-2023-20253 (High), CVE-2023-20034 (High), CVE-2023-20254 (High), CVE-2023-20262 (Medium)
Google has updated the Stable channel to 117.0.5938.132 for Windows, Mac and Linux. This update contains a fix for CVE-2023-5217, which has an exploit in the wild.
CVE ID: CVE-2023-5217 (High), CVE-2023-5186 (High), CVE-2023-5187 (High)
Google has released Chrome 117 (117.0.5938.140) for Android, and ChromeOS LTS 114.
CVE ID: CVE-2023-4863 (High), CVE-2023-4429 (High), CVE-2023-4572 (High), CVE-2023-4428 (High)
An out-of-bounds write vulnerability has been discovered in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS and IOS XE Software. A successful exploit can allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. Cisco has discovered attempted exploitation of the GET VPN feature.
CVE ID: CVE-2023-20109 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2023-20231 (High), CVE-2023-20187 (High), CVE-2023-20227 (High),
CVE-2023-20223 (High), CVE-2023-20033 (High), CVE-2023-20226 (High), CVE-2023-20186 (High),
CVE-2023-20269 (Medium), CVE-2023-20202 (Medium), CVE-2023-20179 (Medium), CVE-2023-20176
(Medium), CVE-2023-20251 (Medium), CVE-2023-20268 (Medium)
VMware has released security updates to address a local privilege escalation vulnerability
in
VMware Aria Operations. An attacker can exploit this vulnerability to take control of an
affected system.
CVE ID: CVE-2023-34043 (Medium)
Apple has released security updates to address multiple vulnerabilities in iOS 17.0.2 and
iPadOS
17.0.2, watchOS 10.0.2, Safari 17, and macOS Sonoma 14. An attacker can exploit these
vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-40417, CVE-2023-40451, CVE-2023-41074, CVE-2023-35074,
CVE-2023-41993,
CVE-2023-40384, CVE-2023-32377, CVE-2023-38615, CVE-2023-40448, CVE-2023-40432,
CVE-2023-40399,
CVE-2023-40410, CVE-2023-32361, CVE-2023-35984, CVE-2023-40402
An out-of-bounds write vulnerability has been discovered in Accusoft ImageGear. The affected version is Accusoft ImageGear 20.1.
CVE ID: CVE-2023-40163 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Docker Desktop. The affected versions are Docker Desktop before 4.12.0.
CVE ID: CVE-2023-0626 (Critical)
A vulnerability has been discovered in Gevent Gevent that allows a remote attacker to escalate privileges. The affected versions are Gevent Gevent before version 23.9.1.
CVE ID: CVE-2023-41419 (Critical)
A missing authorization vulnerability has been discovered in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.
CVE ID: CVE-2023-41296 (Critical)
A service hijacking vulnerability has been discovered in the DP module. Successful exploitation of this vulnerability may affect some Super Device services.
CVE ID: CVE-2023-41294 (Critical)
A vulnerability has been discovered in Real Time Automation's Equipment- 460MCBS which allows malicious JavaScript content to run, resulting in Cross Site Scripting (XSS). The affected versions are Real Time Automation 460 Series prior to v8.9.8.
CVE ID: CVE-2023-4523 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Rockwell Automation Logix Communication Modules that causes Remote Code Execution (RCE). The affected products are Rockwell Automation's Equipment- 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK. Mitigations are available.
CVE ID: CVE-2023-2262 (Critical)
Use-after-free and out-of-bounds write vulnerabilities have been discovered in Rockwell Automation's Equipment- Connected Components Workbench. The affected versions are Connected Components Workbench prior to R21. Mitigations are available.
CVE ID: CVE-2020-16017 (Critical), CVE-2022-0609 (High), CVE-2020-16009 (High), CVE-2020-16013 (High), CVE-2020-15999 (High)
Rockwell Automation has released security updates to address an improper input validation
vulnerability in its equipment- FactoryTalk View Machine Edition. The affected versions are
FactoryTalk View Machine Edition: v13.0, v12.0 and prior.
CVE ID: CVE-2023-2071 (Critical)
Apple has released security updates to address multiple vulnerabilities in iOS 17.0.2, Safari 16.6.1, iOS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7, watchOS 10.0.1, watchOS 9.6.3, macOS Ventura 13.6, and macOS Monterey 12.7. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-41991, CVE-2023-41992, CVE-2023-41993
An out-of-bounds write vulnerability has been discovered in Delta Electronics' Equipment- DIAScreen. The affected versions are DIAScreen prior to v1.3.2.
CVE ID: CVE-2023-5068 (High)
It has been observed that Snatch ransomware is spreading through malicious email attachments to infiltrate targeted networks. The adversary deletes volume shadow copies from a victim's filesystem to inhibit system recovery. Snatch ransomware has targeted a wide range of critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors.
Multiple vulnerabilities have been discovered in several Jenkins plugins. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available.
CVE ID: CVE-2023-43494 (Medium), CVE-2023-43495 (High), CVE-2023-43496 (High), CVE-2023-43497 (Low), CVE-2023-43498 (Low), CVE-2023-43499 (High), CVE-2023-43500 (Medium), CVE-2023-43501 (Medium), CVE-2023-43502 (Medium)
ISC has released security updates to address two vulnerabilities affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-4236 (High), CVE-2023-3341 (High)
Atlassian has released a security bulletin to resolve multiple vulnerabilities affecting its products.
CVE ID: CVE-2022-25647 (High), CVE-2023-22512 (High), CVE-2023-22513 (High), CVE-2023-28709 (High)
Trend Micro has released security updates to address a vulnerability in the 3rd party AV uninstaller module that is provided with the endpoint products for Trend Micro Apex One (on-premise and SaaS), Worry-Free Business Security and Worry-Free Business Security Services (SaaS).
CVE ID: CVE-2023-41179 (Critical)
A remote command execution (RCE) vulnerability has been discovered in FUXA that allows attackers to execute arbitrary commands via a crafted POST request. The affected version is FUXA 1.1.13.
CVE ID: CVE-2023-33831 (Critical)
Improper Input Validation vulnerability has been discovered in Honeywell PM43. The affected
versions are PM43 prior to P10.19.050004.
CVE ID: CVE-2023-3710 (Critical)
A vulnerability has been discovered in bgpd/bgp_open.c of FRRouting FRR, which does not check for an overly large length of the rcv software version. The affected version is FRRouting FRR 9.0.
CVE ID: CVE-2023-41361 (Critical)
A malicious code execution vulnerability has been discovered in Mitsubishi Electric's FA Engineering software products that can result in information disclosure, tampering with or deletion of information, or a Denial of Service (DoS) condition. The affected products are all versions of GX Works3. A mitigation is available.
CVE ID: CVE-2023-4088 (Critical)
GitLab has released updated versions 16.3.4 and 16.2.7 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve a vulnerability.
CVE ID: CVE-2023-5009 (Critical)
A deserialization of untrusted data vulnerability has been discovered in Adobe ColdFusion. The affected versions are Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier).
CVE ID: CVE-2023-38204 (Critical)
An integer overflow vulnerability has been discovered in mp_grow of libtom libtommath that allows execution of arbitrary code and causes a Denial of Service (DoS). The affected versions are libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9.
CVE ID: CVE-2023-36328 (Critical)
A SQL Injection vulnerability has been discovered in PHPGurukul Online Security Guards Hiring System. The affected version is PHPGurukul Online Security Guards Hiring System v.1.0.
CVE ID: CVE-2023-39551 (Critical)
A buffer overflow vulnerability has been discovered in Artifex Ghostscript. The affected
versions are Artifex Ghostscript through 10.01.0.
CVE ID: CVE-2023-28879 (Critical)
A vulnerability has been discovered in SNMP Web Pro that allows execution of arbitrary code and disclosure of sensitive information via a crafted request. The affected version is SNMP Web Pro v.1.1.
CVE ID: CVE-2023-39073 (Critical)
An authentication bypass vulnerability has been discovered in Dover Fueling Solutions MAGLINK LX Web Console Configuration. The affected versions are Dover Fueling Solutions MAGLINK LX Web Console Configuration 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3.
CVE ID: CVE-2023-41256 (Critical)
An improper access control vulnerability has been discovered in the Intel(R) Ethernet Controller RDMA driver for Linux. The affected versions are Intel(R) Ethernet Controller RDMA driver for Linux before version 1.9.30.
CVE ID: CVE-2023-25775 (Critical)
An out-of-bounds read vulnerability has been discovered in the Linux kernel. The affected
versions are Linux kernel before 6.3.4.
CVE ID: CVE-2023-38426 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 109.0.1518.140) to resolve the
heap buffer overflow vulnerability in WebP.
CVE ID: CVE-2023-4863
Siemens has released security updates to address local privilege escalation and sensitive
information disclosure vulnerabilities in Spectrum Power 7 and SIMATIC PCS neo respectively.
CVE ID: CVE-2023-38557 (High), CVE-2023-38558 (Medium)
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Palo Alto Networks' Cortex XDR Agent and BGP Software. Security updates are available for Cortex XDR Agent.
CVE ID: CVE-2023-3280 (Medium), CVE-2023-38802 (High)
Fortinet has released security updates to address a Stored XSS vulnerability in FortiOS and FortiProxy. The affected versions are FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.11, FortiOS version 6.4.0 through 6.4.12, and FortiOS version 6.2.0 through 6.2.14.
CVE ID: CVE-2023-29183 (High)
Google has released Chrome Beta 118 (118.0.5993.13) for Android, Chrome Beta 118 (118.0.5993.13) for iOS, Stable channel 109.0.5414.165 for Windows Server 2012 and Windows Server 2012 R2, Dev channel 118.0.5993.11 for Windows, Mac and Linux, and Chrome Stable 117 (117.0.5938.82) for iOS.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20135 (Medium), CVE-2023-20236 (Medium), CVE-2023-20233 (Medium), CVE-2023-20191 (Medium), CVE-2023-20190 (Medium)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-40622 (Critical), CVE-2022-41272 (Critical), CVE-2023-25616 (Critical), CVE-2023-40309 (Critical), CVE-2023-42472 (High), CVE-2023-40308 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-3338 (Medium), CVE-2023-3389 (High), CVE-2023-3268 (High), CVE-2023-3141 (High), CVE-2023-1095 (Medium)
Adobe has released security updates to address multiple vulnerabilities in Adobe Connect, Adobe Acrobat & Reader and Adobe Experience Manager. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29305 (Medium), CVE-2023-29306 (Medium), CVE-2023-26369 (High), CVE-2023-38214 (Medium), CVE-2023-38215 (Medium)
Siemens has released security updates to address a heap buffer overflow vulnerability in WIBU systems that affects Siemens products.
CVE ID: CVE-2023-3935 (Critical)
Mozilla has released a security update to address the heap buffer overflow vulnerability in Firefox 117.0.1, Firefox ESR 102.15.1, Firefox ESR 115.2.1, Thunderbird 102.15.1, and Thunderbird 115.2.2. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-4863 (Critical)
Google has released Chrome Stable channel 117.0.5938.62 for Linux & Mac and 117.0.5938.62/.63 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-4863, CVE-2023-4900, CVE-2023-4901, CVE-2023-4902, CVE-2023-4903, CVE-2023-4904, CVE-2023-4905, CVE-2023-4906, CVE-2023-4907, CVE-2023-4908, CVE-2023-4909
Schneider Electric has released security updates to address a missing authentication for critical function vulnerability in the IGSS (Interactive Graphical SCADA System) product that can cause Remote Code Execution (RCE). The affected versions are IGSS Update Service v16.0.0.23211 and prior.
CVE ID: CVE-2023-4516 (High)
A heap buffer overflow vulnerability has been discovered in WebP in Google Chrome prior to 116.0.5845.187 that allows an out-of-bounds memory write via a crafted HTML page. Google has released updated Stable and Extended stable channels 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows to resolve this vulnerability.
Apple has released security updates to address multiple vulnerabilities in macOS Monterey
12.6.9, macOS Big Sur 11.7.10, iOS 15.7.9 and iPadOS 15.7.9. An attacker can exploit some of
these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-41064
Google has released Chrome 117 (117.0.5938.60) for Android, Chrome Beta 117 (117.0.5938.60) for Android, Stable and Extended stable channels 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, and Beta channel OS version 15572.34.0, Browser version 117.0.5938.55 for most ChromeOS devices.
CVE ID: CVE-2023-4863 (Critical)
Incorrect access control vulnerability has been discovered in the User Registration page of
Crypto Currency Tracker (CCT) that allows unauthenticated attackers to register as an Admin
account via a crafted POST request. The affected versions are Crypto Currency Tracker (CCT)
before v9.5.
CVE ID: CVE-2023-37759 (Critical)
A memory corruption vulnerability has been discovered in ArubaOS-Switch that can lead to
unauthenticated remote code execution by receiving specially crafted packets.
CVE ID: CVE-2023-39268 (Critical)
An unauthenticated blind SQL injection vulnerability has been discovered in ARDEREG Sistema
SCADA Central. The affected versions are ARDEREG Sistema SCADA Central versions 2.203 and
prior.
CVE ID: CVE-2023-4485 (Critical)
Notepad++ has released a security update to address multiple vulnerabilities in its products.
CVE ID: CVE-2023-40031 (High), CVE-2023-40036 (Medium), CVE-2023-40164 (Medium), CVE-2023-40166 (Medium)
Multiple privilege escalation vulnerabilities have been discovered in Cisco Identity Services Engine (ISE). Updates are available.
CVE ID: CVE-2023-20193 (Medium), CVE-2023-20194 (Medium)
It has been observed that Advanced Persistent Threat (APT) actors have exploited the Remote Code Execution (RCE) vulnerability (CVE-2022-47966) in multiple Zoho ManageEngine on-premise products and the heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS SSL-VPN. Mitigations are available.
CVE ID: CVE-2022-47966 (Critical), CVE-2022-42475 (Critical)
Multiple vulnerabilities have been discovered in Dover Fueling Solutions' Equipment- MAGLINK LX - Web Console Configuration that can allow an attacker to gain full access to the system. The affected versions are MAGLINK LX Web Console Configuration: version 2.5.1, version 2.5.2, version 2.5.3, version 2.6.1, version 2.11, version 3.0, version 3.2, and version 3.3. Mitigations are available.
CVE ID: CVE-2023-41256 (Critical), CVE-2023-36497 (High), CVE-2023-38256 (Medium)
Google has released Chrome Dev 118 (118.0.5993.2) for Android, Dev channel 118.0.5993.3 for Windows, Mac & Linux and Chrome Beta 117 (117.0.5938.54) for iOS.
Phoenix Contact has released security updates to address Cross Site Scripting (XSS) and XML entity expansion vulnerabilities in its equipment- TC ROUTER and TC CLOUD CLIENT. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-3526 (Critical), CVE-2023-3569 (Medium)
Multiple vulnerabilities have been discovered in Socomec's Equipment- MOD3GP-SY-120K that allow an attacker to execute malicious JavaScript code, obtain sensitive information, or steal session cookies. The affected version is MODULYS GP (MOD3GP-SY-120K) Web firmware v01.12.10.
CVE ID: CVE-2023-38582 (Medium), CVE-2023-39446 (High), CVE-2023-41965 (High), CVE-2023-41084 (Critical), CVE-2023-40221 (High), CVE-2023-39452 (High), CVE-2023-38255 (Medium)
WordPress has released a security update to resolve local file inclusion and Remote Code Execution (RCE) vulnerabilities in the Media Library Assistant plugin. The affected versions are Media Library Assistant plugin for WordPress
CVE ID: CVE-2023-4634 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20269 (Medium), CVE-2023-20263 (Medium), CVE-2023-20250 (Medium), CVE-2023-20243 (High)
Cisco has released security updates to address a vulnerability in the Single Sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20238 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-09-05 or later address all of these issues.
A use of hard-coded credentials vulnerability has been discovered in Fujitsu Limited's Equipment- Real-time Video Transmission Gear "IP series" that can allow an attacker to log in to the web interface using the obtained credentials.
CVE ID: CVE-2023-38433 (Medium)
Three Critical severity Remote Code Execution (RCE) vulnerabilities have been discovered in ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers. Successful exploitation of these vulnerabilities may allow adversaries to hijack devices. The affected products are ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U in firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529 respectively.
CVE ID: CVE-2023-39238, CVE-2023-39239, CVE-2023-39240
Google has released Chrome 116 (116.0.5845.172) for Android, Chrome Stable 116 (116.0.5845.177) for iOS and Stable & Extended stable channels 116.0.5845.179 for Mac & Linux & 116.0.5845.179/.180 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-4761 (High), CVE-2023-4762 (High), CVE-2023-4763 (High), CVE-2023-4764 (High)
A SQL injection vulnerability has been discovered in Mestav Software E-commerce Software. The affected versions are E-commerce Software: before 20230901.
CVE ID: CVE-2023-4531 (Critical)
A SQL injection vulnerability has been discovered in Digita Information Technology Smartrise
Document Management System. The affected versions are Smartrise Document Management System:
before Hvl-2.0.
CVE ID: CVE-2023-4034 (Critical)
An OS command injection vulnerability has been discovered in Bookreen. The affected versions are Bookreen: before 3.0.0.
CVE ID: CVE-2023-3375 (Critical)
A privilege escalation vulnerability has been discovered in Bookreen. The affected versions are Bookreen: before 3.0.0.
CVE ID: CVE-2023-3374 (Critical)
A vulnerability has been discovered in LanChain-ai Langchain that allows execution of arbitrary code. The affected version is LanChain-ai Langchain v.0.0.245.
CVE ID: CVE-2023-39631 (Critical)
An arbitrary file upload vulnerability has been discovered in the Carica immagine function of GruppoSCAI RealGimm. The affected version is GruppoSCAI RealGimm 1.1.37p38.
CVE ID: CVE-2023-41637 (Critical)
A SQL injection vulnerability has been discovered in the Data Richiesta dal parameter of GruppoSCAI RealGimm. The affected version is GruppoSCAI RealGimm v1.1.37p38.
CVE ID: CVE-2023-41636 (Critical)
A stack buffer overflow vulnerability has been discovered in PHP. The affected versions are PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.
CVE ID: CVE-2023-3824 (Critical)
Multiple vulnerabilities have been discovered in Softneta's Equipment- MedDream PACS that allow an attacker to obtain and leak plaintext credentials or remotely execute arbitrary code. The affected versions are MedDream PACS: v7.2.8.810 and prior.
CVE ID: CVE-2023-40150 (Critical), CVE-2023-39227 (Medium)
A vulnerability has been discovered in Wavelink Avalanche Manager that results in service disruption or arbitrary code execution if successfully exploited by a specially crafted message.
CVE ID: CVE-2023-32560 (Critical)
Moxa has released security updates to resolve multiple vulnerabilities in NPort 5600 Series, TN-5900 Series, and TN-4900 Series. The affected versions are NPort 5600 Series version 3.11 and lower, TN-5900 Series version v3.3 and prior versions, and TN-4900 Series version v1.2.4 and prior versions.
CVE ID: CVE-2023-33237 (High), CVE-2023-33238 (High), CVE-2023-33239 (High), CVE-2023-34213 (High), CVE-2023-34214 (High), CVE-2023-34215 (High), CVE-2023-34216 (High), CVE-2023-34217 (High)
A command execution vulnerability has been discovered in Tenda. The affected version is Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin.
CVE ID: CVE-2023-40838 (Critical)
A vulnerability has been discovered in Splunk Enterprise that allows an attacker to execute arbitrary code. The affected versions are Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1.
CVE ID: CVE-2023-40595 (Critical)
Improper Access Control vulnerability has been discovered in GitHub repository. The affected
versions are GitHub repository usememos/memos prior to 0.13.2.
CVE ID: CVE-2023-4696 (Critical)
2FA bypass vulnerability has been discovered in Zoho ManageEngine. The affected versions are
Zoho ManageEngine ADManager Plus through 7186.
CVE ID: CVE-2023-35785 (Critical)
OS command injection vulnerability has been discovered in D-Link. The affected versions are
D-Link DAR-8000-10 up to 20230809.
CVE ID: CVE-2023-4542 (Critical)
Moxa has released security updates to resolve multiple vulnerabilities in MXsecurity Series. The affected versions are MXsecurity Series version v1.0.1 and prior.
CVE ID: CVE-2023-39979 (Critical), CVE-2023-39980 (High), CVE-2023-39981 (High), CVE-2023-39982 (High), CVE-2023-39983 (Medium)
An authentication bypass vulnerability has been discovered in the Stripe Payment Plugin for WooCommerce plugin. The affected versions are Stripe Payment Plugin for WooCommerce versions up to, and including, 3.7.7.
CVE ID: CVE-2023-3162 (Critical)
An out of bounds read vulnerability has been discovered in the Linux kernel. The affected
versions are Linux kernel before 6.3.10.
CVE ID: CVE-2023-38432 (Critical)
VMware has released security updates to address a SAML token signature bypass vulnerability in VMware Tools. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20900 (High)
Google has released Chrome Dev 118 (118.0.5977.4) for Android, Dev channel 118.0.5979.0 for Mac and Linux, 118.0.5979.0/.2 for Windows and Beta channel OS version 15572.24.0, Browser version 117.0.5938.29 for most ChromeOS devices.
A hard-coded backdoor password vulnerability has been discovered in Motorola MBTS Site
Controller Man Machine Interface (MMI).
CVE ID: CVE-2023-23770 (Critical)
An arbitrary file upload vulnerability has been discovered in the Forminator plugin. The affected versions are Forminator versions up to, and including, 1.24.6.
CVE ID: CVE-2023-4596 (Critical)
Cisco has released security updates to address a privilege escalation vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20266 (Medium)
Drupal has released security updates to resolve a Cross Site Scripting (XSS) vulnerability in Obfuscate Email and Unified Twig Extensions, third-party libraries used in it.
Google has released Chrome Beta 117 (117.0.5938.36) for iOS, Chrome Beta 117 (117.0.5938.35) for Android, and Beta channel 117.0.5938.35 for Windows, Mac and Linux.
A SQL injection vulnerability has been discovered in Theme Volty CMS Blog. The affected version is Theme Volty CMS Blog version v4.0.1.
CVE ID: CVE-2023-39650 (Critical)
It has been discovered that a vulnerability in RARLabs WinRAR allows attackers to execute
arbitrary code when a user attempts to view a benign file within a ZIP archive. The affected
versions are RARLabs WinRAR before 6.23.
CVE ID: CVE-2023-38831 (High)
Juniper has released security updates to address an improper input validation vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved which may cause a Denial of Service (DoS) condition.
Mozilla has released security updates to resolve multiple vulnerabilities in Thunderbird 115.2, Thunderbird 102.15 and Firefox 117. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-4573 (High), CVE-2023-4574 (High), CVE-2023-4575 (High), CVE-2023-4576 (High), CVE-2023-4577 (High), CVE-2023-4051 (Medium), CVE-2023-4578 (Medium), CVE-2023-4053 (Medium), CVE-2023-4580 (Medium), CVE-2023-4581 (Medium), CVE-2023-4582 (Low), CVE-2023-4583 (Low), CVE-2023-4584 (High), CVE-2023-4585 (High)
A Cross Site Scripting (XSS) vulnerability has been discovered in PTC's Equipment- Codebeamer. The affected versions are Codebeamer v22.10-SP7 or lower, v22.04-SP5 or lower, and v21.09-SP13 or lower. Upgrades are available.
CVE ID: CVE-2023-4296 (High)
Multiple vulnerabilities have been discovered in various versions of OpenSSL library components, which are used in Hitachi Energy's Lumada APM Edge product.
CVE ID: CVE-2023-0215 (High), CVE-2022-4450 (High), CVE-2023-0286 (High), CVE-2022-4304 (Medium)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin.
CVE ID: CVE-2023-40846 (Critical)
A SQL Injection vulnerability has been discovered in PHPJabbers Food Delivery Script. The
affected version is PHPJabbers Food Delivery Script v3.0.
CVE ID: CVE-2023-40749 (Critical)
VMware has released security updates to address authentication bypass and arbitrary file write vulnerabilities in Aria Operations for Networks. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-34039 (Critical), CVE-2023-20890 (High)
An insufficient filtering vulnerability has been discovered in Saho that can allow an attacker to execute arbitrary system commands or disrupt services. The affected products are Saho's attendance devices ADM100 and ADM-100FP.
CVE ID: CVE-2023-38029 (Critical)
An insufficient authentication vulnerability has been discovered in Saho. The affected products are Saho's attendance devices ADM100 and ADM-100FP.
CVE ID: CVE-2023-38028 (Critical)
Security bypass vulnerability has been discovered in Spring Boot. The affected versions are
Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions.
CVE ID: CVE-2023-20873 (Critical)
WordPress has released a security update to resolve a reflected Cross Site Scripting (XSS)
vulnerability in the Order Tracking Pro plugin. The affected versions are Order Tracking Pro
versions up to, and including, 3.3.6.
CVE ID: CVE-2023-4471 (Medium)
WordPress has released a security update to resolve a stored Cross Site Scripting (XSS)
vulnerability in the Order Tracking Pro plugin. The affected versions are Order Tracking Pro
versions up to, and including, 3.3.6.
CVE ID: CVE-2023-4500 (Medium)
A hard-coded uBoot credentials vulnerability has been discovered in SpotCam FHD 2 that allows an attacker to access the system to perform arbitrary system operations or disrupt service.
CVE ID: CVE-2023-38026 (Critical)
An incorrect privilege assignment vulnerability has been discovered in IBM Robotic Process Automation when importing users from an LDAP directory. The affected versions are IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1.
CVE ID: CVE-2023-38734 (Critical)
An unrestricted file upload vulnerability has been discovered in Pandora FMS File Manager
component. The affected versions are Pandora FMS v767 version and prior versions on all
platforms.
CVE ID: CVE-2023-24517 (Critical)
A buffer overflow vulnerability has been discovered in TP-Link routers. The affected versions are TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5.
CVE ID: CVE-2023-39747 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in a TOTOLINK router. The affected version is TOTOLINK X5000R B20210419.
CVE ID: CVE-2023-39618 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in a TOTOLINK router. The affected versions are TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313.
CVE ID: CVE-2023-39617 (Critical)
A buffer overflow vulnerability has been discovered in a D-Link router. The affected version is D-Link DIR-880 A1_FW107WWb08.
CVE ID: CVE-2023-39674 (Critical)
An arbitrary code execution vulnerability has been discovered in Alluxio. The affected versions are Alluxio v.2.9.3 and before.
CVE ID: CVE-2023-38889 (Critical)
It has been discovered that a stack buffer overflow vulnerability due to insufficient length checking in PHP may lead to . The affected versions are PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.
CVE ID: CVE-2023-3824 (Critical)
A vulnerability has been discovered in Python 3 in which os.path.normpath() truncates paths on null bytes. The affected versions are Python 3.12.0a1 to 3.12.0rc1, and Python 3.11.0 to 3.11.4. Remediation and workarounds are available.
CVE ID: CVE-2023-41105 (Medium)
An insufficient verification of data authenticity vulnerability has been discovered in CODESYS' Equipment- CODESYS Development System that allows a Man in the Middle (MITM) attack to execute arbitrary code. The affected versions are CODESYS Development System versions from 3.5.11.0 and prior to 3.5.19.20.
CVE ID: CVE-2023-3663 (Critical)
An overly restrictive account lockout mechanism vulnerability has been discovered in KNX Association's Equipment- KNX devices using KNX Connection Authorization that can cause users to lose access to their device, potentially with no way to reset the device. All versions of KNX devices using Connection Authorization Option 1 Style in which no BCU Key is currently set are affected.
CVE ID: CVE-2023-4346 (High)
Multiple vulnerabilities have been discovered in OPTO 22's Equipment- SNAP PAC S1 that can allow an attacker to brute force passwords, access certain device files, or cause a Denial of Service (DoS) condition. The affected version is SNAP PAC S1 firmware version R10.3b.
CVE ID: CVE-2023-40706 (High), CVE-2023-40707 (High), CVE-2023-40708 (Medium), CVE-2023-40709 (Medium), CVE-2023-40710 (Medium)
An uncontrolled search path element vulnerability has been discovered in CODESYS' Equipment- CODESYS Development System. The affected versions are CODESYS Development System: versions from 3.5.17.0 and prior to 3.5.19.20.
CVE ID: CVE-2023-3662 (High)
An improper restriction of excessive authentication attempts vulnerability has been discovered in CODESYS' Equipment- CODESYS Development System. The affected versions are CODESYS Development System: versions prior to 3.5.19.20.
CVE ID: CVE-2023-3669 (Low)
An out-of-bounds write vulnerability has been discovered in Rockwell Automation's Equipment- 1734-AENT/1734-AENTR Series C, 1734-AENT/1734-AENTR Series B, 1738-AENT/1738-AENTR Series B, 1794-AENTR Series A, 1732E-16CFGM12QCWR Series A, 1732E-12X4M12QCDR Series A, 1732E-16CFGM12QCR Series A, 1732E-16CFGM12P5QCR Series A, 1732E-12X4M12P5QCDR Series A, 1732E-16CFGM12P5QCWR Series B, 1732E-IB16M12R Series B, 1732E-OB16M12R Series B, 1732E-16CFGM12R Series B, 1732E-IB16M12DR Series B, 1732E-OB16M12DR Series B, 1732E-8X8M12DR Series B, 1799ER-IQ10XOQ10 Series B. Mitigations are available.
CVE ID: CVE-2022-1737 (High)
Moxa has released security updates to resolve multiple vulnerabilities in Moxa's ioLogik 4000 Series. The affected versions are ioLogik 4000 Series (ioLogik E4200) firmware v1.6 and prior.
CVE ID: CVE-2023-4227 (Medium), CVE-2023-4228 (Low), CVE-2023-4229 (Medium), CVE-2023-4230 (Medium)
A privilege escalation vulnerability has been discovered in the Donation Forms by Charitable plugin for WordPress. The affected versions are Donation Forms by Charitable plugin versions up to, and including, 1.7.0.12.
CVE ID: CVE-2023-4404 (Critical)
An OS command injection vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023.
CVE ID: CVE-2023-4412 (Critical)
An OS command injection vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023.
CVE ID: CVE-2023-4411 (Critical)
A SQL injection vulnerability has been discovered in Codecanyon Credit Lite. The affected
version is Codecanyon Credit Lite 1.5.4.
CVE ID: CVE-2023-4407 (Critical)
An OS command injection vulnerability has been discovered in ELECOM wireless LAN routers. The affected versions are: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.
CVE ID: CVE-2023-40069 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01.
CVE ID: CVE-2023-39673 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC6 _US_AC6V1.0BR_V15.03.05.16.
CVE ID: CVE-2023-39670 (Critical)
A buffer overflow vulnerability has been discovered in log_blackbox.c in libqb. The affected
versions are libqb before 2.0.8.
CVE ID: CVE-2023-39976 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20168 (High), CVE-2023-20169 (High), CVE-2023-20200 (High), CVE-2023-20115 (Medium), CVE-2023-20234 (Medium), CVE-2023-20230 (Medium)
Google has released Chrome Beta 117 (117.0.5938.22) for iOS, Chrome Beta 117 (117.0.5938.20) for Android, Beta channel 117.0.5938.22 for Windows, Mac and Linux, and LTC-114 version 114.0.5735.331 (Platform Version: 15437.67.0) for most ChromeOS devices to resolve a vulnerability.
CVE ID: CVE-2023-4211 (High)
Google has released Chrome 116 (116.0.5845.114) for Android, Chrome Stable 116 (116.0.5845.118) for iOS, and Stable & Extended stable channels 116.0.5845.110 for Mac & Linux & 116.0.5845.110/.111 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-4430 (High), CVE-2023-4429 (High), CVE-2023-4428 (High), CVE-2023-4427 (High), CVE-2023-4431 (Medium)
A protection mechanism bypass vulnerability has been discovered in Dell PowerScale OneFS that can cause Denial of Service (DoS), information disclosure and remote execution. The affected version is Dell PowerScale OneFS 9.5.0.x.
CVE ID: CVE-2023-32493 (Critical)
A command injection vulnerability has been discovered in Trane's equipment- XL824, XL850,
XL1050, and Pivot thermostats.
CVE ID: CVE-2023-4212 (Medium)
A vulnerability has been discovered in Wavlink that allows a remote attacker to execute
arbitrary code. The affected version is Wavlink WL_WNJ575A3 v.R75A3_V1410_220513.
CVE ID: CVE-2023-38861 (Critical)
A vulnerability has been discovered in pandas-ai that allows a remote attacker to execute arbitrary code via the _is_jailbreak function. The affected versions are pandas-ai v.0.9.1 and before.
CVE ID: CVE-2023-39661 (Critical)
A vulnerability has been discovered in langchain-ai that allows a remote attacker to execute
arbitrary code. The affected versions are langchain-ai v.0.0.232 and before.
CVE ID: CVE-2023-39659 (Critical)
A file upload vulnerability has been discovered in Wolf-leo EasyAdmin8 that allows a remote
attacker to execute arbitrary code. The affected version is Wolf-leo EasyAdmin8 v.1.0.
CVE ID: CVE-2023-38915 (Critical)
A heap-based buffer overflow vulnerability has been discovered in the GitHub repository radareorg/radare2. The affected versions are radare2 prior to 5.9.0.
CVE ID: CVE-2023-4322 (Critical)
Microsoft has released Microsoft Edge Stable and Extended Stable Channel (Version 116.0.1938.54) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-38158 (Low), CVE-2023-36787 (High)
An authentication bypass vulnerability has been discovered in Ivanti EPMM that allows unauthorized users to access restricted functionality or resources of the application without proper authentication. The affected versions are Ivanti EPMM 11.10 and older.
CVE ID: CVE-2023-35082 (Critical)
A command injection vulnerability has been discovered in MiVoice Office 400 SMB Controller. The affected versions are MiVoice Office 400 SMB Controller through 1.2.5.23.
CVE ID: CVE-2023-39293 (Critical)
A SQL injection vulnerability has been discovered in MiVoice Office 400 SMB Controller. The
affected versions are MiVoice Office 400 SMB Controller through 1.2.5.23.
CVE ID: CVE-2023-39292 (Critical)
An out of bounds memory access vulnerability has been discovered in ONLYOFFICE DocumentServer that allows an attacker to run arbitrary code via a crafted JavaScript file. The affected versions are ONLYOFFICE DocumentServer 4.0.3 through 7.3.2.
CVE ID: CVE-2023-30187 (Critical)
Citrix has released a security update to address an improper resource control vulnerability in ShareFile storage zones controller that affects Citrix Content Collaboration. The affected versions are ShareFile storage zones controller 5.11.24 and later versions.
CVE ID: CVE-2023-24489 (Critical)
Juniper has released security updates to address multiple vulnerabilities in the J-Web component of Juniper Networks Junos OS on SRX Series and EX Series. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-36844 (Medium), CVE-2023-36845 (Medium), CVE-2023-36846 (Medium), CVE-2023-36847 (Medium)
A Cross Site Scripting (XSS) vulnerability has been discovered in Intel(R) DSA software. The
affected versions are Intel(R) DSA software before version 23.1.9.
CVE ID: CVE-2023-27515 (Critical)
Google has released Beta channel 116.0.5845.102 (Platform version: 15509.57.0) for most ChromeOS devices, Dev channel 118.0.5951.0 for Windows, Mac and Linux, and Chrome Dev 118 (118.0.5950.2) for Android.
An improper access control vulnerability has been discovered in the Intel(R) Ethernet Controller RDMA driver which enables escalation of privilege via network access. The affected versions are Intel(R) Ethernet Controller RDMA driver for Linux before version 1.9.30.
CVE ID: CVE-2023-25775 (Critical)
Dell has released security updates to address multiple vulnerabilities in Dell PowerScale OneFS that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2023-32486, CVE-2023-32487, CVE-2023-32488, CVE-2023-32489, CVE-2023-32490, CVE-2023-32491, CVE-2023-32492, CVE-2023-32494, CVE-2023-32495
A remote file inclusion vulnerability has been discovered in Canto plugin for WordPress. The
affected versions are Canto plugin versions up to, and including, 3.0.4.
CVE ID: CVE-2023-3452 (Critical)
A SQL injection vulnerability has been discovered in PHPJabbers Document Creator. The affected version is PHPJabbers Document Creator v1.0.
CVE ID: CVE-2023-36311 (Critical)
A stack-based buffer overflow vulnerability has been discovered in TOTOLINK. The affected
version is TOTOLINK T10_v2 5.9c.5061_B20200511.
CVE ID: CVE-2023-40042 (Critical)
An improper input validation vulnerability has been discovered in Zoom Desktop Client that may enable an escalation of privilege via network access. The affected versions are Zoom Desktop Client for Windows before 5.14.7.
CVE ID: CVE-2023-39216 (Critical)
A path traversal vulnerability has been discovered in Zoom Desktop Client that may enable an escalation of privilege via network access. The affected versions are Zoom Desktop Client for Windows before 5.14.7.
CVE ID: CVE-2023-36534 (Critical)
Google has released Chrome Stable 116 (116.0.5845.90) for iOS, Chrome Dev 117 (117.0.5938.0) for Android, and Dev channel 117.0.5938.0 for Windows, Mac and Linux.
A use of hard-coded cryptographic key vulnerability has been discovered in Sifir Bes Education and Informatics Kunduz - Homework Helper App. The affected versions are Kunduz - Homework Helper App: before 6.2.3.
CVE ID: CVE-2023-3632 (Critical)
A SQL injection vulnerability has been discovered in Oduyo Online Collection Software. The
affected versions are Online Collection Software: before 1.0.1.
CVE ID: CVE-2023-3716 (Critical)
A SQL injection vulnerability has been discovered in the GitHub repository instantsoft/icms2. The affected versions are icms2 prior to 2.16.1-git.
CVE ID: CVE-2023-4188 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in PyroCMS that allows an attacker to send customized commands to the server and execute arbitrary code on the affected system. The affected version is PyroCMS 3.9.
CVE ID: CVE-2023-29689 (Critical)
Google has released Chrome 116 (116.0.5845.78) for Android, Chrome Beta 116 (116.0.5845.78) for Android, Stable channel 116.0.5845.82 for Windows and Mac, Beta channel 116.0.5845.82 for Windows, Mac and Linux, and Chrome Beta 116 (116.0.5845.86) for iOS.
Schneider Electric has released security updates to address a deserialization of untrusted data vulnerability in its equipment- IGSS (Interactive Graphical SCADA System). The affected versions are IGSS Dashboard (DashBoard.exe): v16.0.0.23130 and prior.
CVE ID: CVE-2023-3001 (High)
Fortinet has released security updates to address a stack-based buffer overflow vulnerability in FortiOS that allows an attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections. The affected versions are FortiOS version 7.0.0 through 7.0.3, FortiOS 6.4 all versions, and FortiOS 6.2 all versions.
CVE ID: CVE-2023-29182 (Medium)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-37483 (Critical), CVE-2023-36922 (Critical), CVE-2023-39439 (High)
Citrix has released security updates to address multiple vulnerabilities in Citrix Hypervisor, Intel CPUs, and AMD CPUs. The affected versions are Citrix Hypervisor 8.2 CU1 LTSR.
CVE ID: CVE-2023-20569 (Medium), CVE-2023-34319 (Medium), CVE-2022-40982 (Medium)
Schneider Electric has released security updates to resolve an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Pro-face GP-Pro EX product. The affected versions are GP-Pro EX WinGP for iPC: v4.09.450 and prior, and GP-Pro EX WinGP for PC/AT: v4.09.450 and prior.
CVE ID: CVE-2023-3953 (Medium)
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-21709 (Critical), CVE-2023-35385 (Critical), CVE-2023-36910 (Critical), CVE-2023-36911 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe Acrobat and
Reader, Adobe Commerce, Adobe Dimension, and Adobe XMP Toolkit SDK. An attacker can exploit
these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-38208 (Critical), CVE-2023-38210 (Medium), CVE-2023-38211 (High),
CVE-2023-38212 (High), CVE-2023-38213 (Low), CVE-2023-38209 (Medium), CVE-2023-38207
(Medium), CVE-2023-29320 (High), CVE-2023-29299 (Medium), CVE-2023-29303 (Medium),
CVE-2023-38222 (High), CVE-2023-38223 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-24845 (Critical), CVE-2023-25957 (Critical), CVE-2023-29129 (Critical), CVE-2023-37372 (Critical), CVE-2023-27411 (High), CVE-2023-37373 (Medium)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-08-05 or later address all of these issues.
Microsoft has released Microsoft Edge Stable Channel (Version 115.0.1901.200) and Microsoft Edge Extended Stable Channel (Version 114.0.1823.106) to resolve a security feature bypass vulnerability.
CVE ID: CVE-2023-38157 (Medium)
A vulnerability has been discovered in GitLab CE/EE. The affected versions are GitLab CE/EE all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, and all versions starting from 16.2 before 16.2.2.
CVE ID: CVE-2023-4008 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in NextGen Mirth Connect that allows an attacker to execute arbitrary commands on the hosting server. The affected version is NextGen Mirth Connect v4.3.0.
CVE ID: CVE-2023-37679 (Critical)
A SQL injection vulnerability has been discovered in ZKTeco BioAccess IVS. The affected version is ZKTeco BioAccess IVS v3.3.1.
CVE ID: CVE-2023-38954 (Critical)
A command injection vulnerability has been discovered in Xiaomi routers. Successful exploitation can permit Remote Code Execution (RCE) and complete compromise of the device.
CVE ID: CVE-2023-26317 (Critical)
A buffer overflow vulnerability has been discovered in TP-Link Archer. The affected versions are TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219.
CVE ID: CVE-2023-31710 (Critical)
A SQL injection vulnerability has been discovered in BMC Control-M. The affected versions are BMC Control-M through 9.0.20.200.
CVE ID: CVE-2023-39122 (Critical)
A lack of verification vulnerability has been discovered in PHPJabbers Cleaning Business
Software. The affected version is PHPJabbers Cleaning Business Software 1.0.
CVE ID: CVE-2023-36139 (Critical)
An incorrect access control vulnerability has been discovered in PHP Jabbers Availability
Booking Calendar. The affected version is PHP Jabbers Availability Booking Calendar 5.0.
CVE ID: CVE-2023-36132 (Critical)
A path traversal vulnerability has been discovered in Control ID IDSecure that allows an attacker to delete arbitrary files on the IDSecure filesystem, causing a Denial of Service (DoS). The affected versions are Control ID IDSecure 4.7.26.0 and prior.
CVE ID: CVE-2023-33369 (Critical)
A Server-Side Template Injection (SSTI) vulnerability has been discovered in MotoCMS. The
affected version is MotoCMS 3.4.3.
CVE ID: CVE-2023-36210 (Critical)
An arbitrary code execution vulnerability has been discovered in Greenshot. The affected
versions are Greenshot 1.2.10 and below.
CVE ID: CVE-2023-34634 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in DedeCMS that allows an attacker to run arbitrary code. The affected versions are DedeCMS through 5.7.10.
CVE ID: CVE-2023-34842 (Critical)
A SQL Injection vulnerability has been discovered in Wifi Soft Unibox Administration. The
affected versions are Wifi Soft Unibox Administration 3.0 and 3.1.
CVE ID: CVE-2023-34635 (Critical)
VMware has released security updates to address request smuggling and information disclosure vulnerabilities in VMware Horizon Server. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-34037 (Medium), CVE-2023-34038 (Medium)
A path traversal vulnerability has been discovered in TEL-STER's Equipment- TelWin SCADA WebInterface, which allows an attacker to read files on the system. The affected versions are TelWin SCADA WebInterface: 3.2 to 6.1, 7.0 to 7.1, and 8.0 and 9.0. The updates are available.
CVE ID: CVE-2023-0956 (High)
An acceptance of extraneous untrusted data with trusted data vulnerability has been discovered in Sensormatic Electronics' Equipment- VideoEdge. The affected versions are VideoEdge prior to 6.1.1. The updates are available.
CVE ID: CVE-2023-3749 (High)
An information disclosure vulnerability has been discovered in Mitsubishi Electric's Equipment- GT Designer3, GOT2000 Series, GOT SIMPLE Series and GT SoftGOT2000. The mitigations are available.
CVE ID: CVE-2023-0525 (High)
A Denial of Service (DoS) & spoofing vulnerability has been discovered in Mitsubishi Electric's Equipment- GOT2000 Series and GOT SIMPLE Series. The affected versions are GOT2000 Series: GT21 model 01.49.000 and prior, and GOT SIMPLE: GS21 model 01.49.000 and prior. The security update is available.
CVE ID: CVE-2023-3373 (Medium)
Multiple vulnerabilities have been discovered in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
CVE ID: CVE-2022-20790 (Medium), CVE-2023-20215 (Medium), CVE-2023-20204 (Medium)
Moxa has released security updates to resolve a Denial of Service (DoS) vulnerability in Moxa's switch series. The affected versions are PT-508 Series version 3.8 and lower, PT-7728 Series version 3.8 and lower, PT-7828 Series version 3.9 and lower, and MDS-G4012 Series version 1.2 and lower.
CVE ID: CVE-2009-3563
Google has released Chrome 115 (115.0.5790.166) for Android, Dev channel OS version: 15563.0.0 Browser version: 117.0.5920.0 for most ChromeOS devices, Stable channel 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows, and Chrome Beta 116 (116.0.5845.60) for iOS.
CVE ID: CVE-2023-4068 (High), CVE-2023-4069 (High), CVE-2023-4070 (High), CVE-2023-4071 (High), CVE-2023-4072 (High), CVE-2023-4073 (High), CVE-2023-4074 (High), CVE-2023-4075 (High), CVE-2023-4076 (High), CVE-2023-4077 (Medium), CVE-2023-4078 (Medium)
It has been discovered that the InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function. The affected versions are InstaWP Connect plugin versions up to, and including, 0.0.9.18.
CVE ID: CVE-2023-3956 (Critical)
A SQL injection vulnerability has been discovered in PrestaShop sendinblue. The affected
versions are PrestaShop sendinblue v.4.0.15 and before.
CVE ID: CVE-2023-26859 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Pligg CMS. The affected
version is Pligg CMS v2.0.2.
CVE ID: CVE-2023-37677 (Critical)
A vulnerability in Envoy allows a malicious client to construct credentials with permanent validity in some specific scenarios. The affected versions are Envoy prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12.
CVE ID: CVE-2023-35941 (Critical)
An elevation of privileges vulnerability has been discovered in Vasion PrinterLogic Client. The affected versions are Vasion PrinterLogic Client for Windows before 25.0.0.836.
CVE ID: CVE-2023-32232 (Critical)
A Prototype Pollution vulnerability has been discovered in the GitHub repository automattic/mongoose. The affected versions are mongoose prior to 7.3.4.
CVE ID: CVE-2023-3696 (Critical)
A SQL injection vulnerability has been discovered in the wpbrutalai WordPress plugin. The
affected versions are wpbrutalai WordPress plugin before 2.0.0.
CVE ID: CVE-2023-2601 (Critical)
An authorization bypass vulnerability through user-controlled key has been discovered in TMT
Lockcell. The affected versions are Lockcell before 15.
CVE ID: CVE-2023-3048 (Critical)
A path traversal vulnerability has been discovered in NodeBB. The affected versions are NodeBB 2.5.0 and prior to version 2.8.7. The vulnerability has been resolved in NodeBB version 2.8.7.
CVE ID: CVE-2023-26045 (Critical)
An authentication bypass vulnerability has been discovered in Apache Shiro. The affected
versions are Apache Shiro before 1.12.0 or 2.0.0-alpha-3.
CVE ID: CVE-2023-34478 (Critical)
A SQL injection vulnerability has been discovered in DataEase that can bypass blacklists. The affected versions are DataEase prior to 1.18.9. The vulnerability has been resolved in DataEase version 1.18.9.
CVE ID: CVE-2023-37258 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in vm2. The affected versions are vm2 up to and including 3.9.19.
CVE ID: CVE-2023-37903 (Critical)
A SQL injection vulnerability has been discovered in Boxtal (envoimoinscher) module for
PrestaShop. The affected products are PrestaShop, after version 3.1.10.
CVE ID: CVE-2023-30151 (Critical)
An OS command injection vulnerability has been discovered in APSystems' Equipment- Altenergy Power Control that may allow Remote Code Execution (RCE). The affected version is Altenergy Power Control Software C1.2.5.
CVE ID: CVE-2023-28343 (Critical)
An improper validation of specified type of input vulnerability has been discovered in the OMRON CJ series and CS/CJ Series EtherNet/IP unit that can lead to Denial-of-Service (DoS). The mitigations are available.
Mozilla has released a security update to address multiple vulnerabilities in Firefox ESR 115.1, Firefox ESR 102.14 and Firefox 116. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-4045 (High), CVE-2023-4046 (High), CVE-2023-4047 (High), CVE-2023-4048 (High), CVE-2023-4049 (High), CVE-2023-4050 (High), CVE-2023-4051 (Medium), CVE-2023-4052 (Medium), CVE-2023-4053 (Medium), CVE-2023-4054 (Medium), CVE-2023-4055 (Low), CVE-2023-4056 (High), CVE-2023-4057 (High), CVE-2023-4058 (High)
Google has released Stable channel OS version: 15474.70.0 Browser version: 115.0.5790.160 for most ChromeOS devices, and Chrome Stable 115 (115.0.5790.160) for iOS.
A vulnerability has been discovered that causes excessive time to be spent checking the DH q parameter value in OpenSSL when using DH_check(), DH_check_ex() or EVP_PKEY_param_check(). The affected versions are OpenSSL 3.1, 3.0, 1.1.1 and 1.0.2.
CVE ID: CVE-2023-3817 (Low)
A command injection vulnerability has been discovered in PaddlePaddle. The affected versions are PaddlePaddle before 2.5.0.
CVE ID: CVE-2023-38673 (Critical)
A heap buffer overflow vulnerability has been discovered in PaddlePaddle that can lead to Denial of Service (DoS), information disclosure, or further damage. The affected versions are PaddlePaddle before 2.5.0.
CVE ID: CVE-2023-38671 (Critical)
A use-after-free vulnerability has been discovered in PaddlePaddle. The affected versions are PaddlePaddle before 2.5.0.
CVE ID: CVE-2023-38669 (Critical)
An arbitrary file upload vulnerability has been discovered in eoffice that allows an attacker to execute arbitrary code by uploading a crafted file. The affected versions are eoffice before v9.5.
CVE ID: CVE-2023-34798 (Critical)
It has been discovered that HP LaserJet Pro print products are vulnerable to an elevation of privilege and/or information disclosure related to a lack of authentication on certain endpoints.
CVE ID: CVE-2023-26301 (Critical)
It has been discovered that a vulnerability in Metabase open source and Metabase Enterprise allows an attacker to execute arbitrary commands on the server, at the server's privilege level. The affected versions are Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1.
CVE ID: CVE-2023-38646 (Critical)
A hard-coded encryption key vulnerability has been discovered in Galaxy Software Services Vitals ESP. The affected versions are Vitals ESP 3.0.8 through 6.2.0.
CVE ID: CVE-2023-37291 (Critical)
An Authorization Bypass vulnerability has been discovered in Origin Software ATS Pro that allows Authentication Abuse and Authentication Bypass. The affected versions are Origin Software ATS Pro before 20230714.
CVE ID: CVE-2023-2958 (Critical)
A path traversal vulnerability has been discovered in Ivanti EPMM that allows an attacker to write arbitrary files onto the appliance.
CVE ID: CVE-2023-35081 (High)
An insecure default initialization of resource vulnerability has been discovered in ETIC Telecom's Equipment- Remote Access Server (RAS) that allows an attacker to reconfigure the device or cause a Denial of Service (DoS) condition. The affected versions are ETIC Telecom RAS all versions 4.7.0 and prior.
CVE ID: CVE-2023-3453 (High)
An uncontrolled resource consumption vulnerability has been discovered in PTC's Equipment- KEPServerEX that can result in crashing of the affected device. The affected versions are KEPServerEX 6.0 to 6.14.263.
CVE ID: CVE-2023-3825 (High)
A Denial of Service (DoS) and malicious code execution vulnerability has been discovered in MITSUBISHI CNC series. The affected products are M800V/M80V, M800/M80/E80, C80, M700V/M70V/E70 Series and IoT Unit.
CVE ID: CVE-2023-3346 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-39151 (High), CVE-2023-39152 (Medium), CVE-2023-39153 (Medium), CVE-2023-3414 (Medium), CVE-2023-3442 (Medium), CVE-2023-39154 (Medium), CVE-2023-39155 (Low), CVE-2023-39156 (Medium)
Drupal has released security updates to address Cross Site Scripting (XSS) and Cross Site
Request Forgery (CSRF) vulnerabilities in Minify Source HTML and Drupal Symfony Mailer
respectively.
Axis has released a security update to address a Heap-based Buffer Overflow vulnerability in its equipment- AXIS A1001 that can allow an attacker to execute arbitrary code. The affected versions are AXIS A1001: 1.65.4 and prior.
CVE ID: CVE-2023-21406 (High)
A Relative Path Traversal vulnerability has been discovered in Rockwell Automation's Equipment- ThinManager ThinServer. The affected versions are ThinManager ThinServer 13.0.0-13.0.2 and 13.1.0.
CVE ID: CVE-2023-2913 (High)
An Improper Restriction of Excessive Authentication Attempts vulnerability has been discovered in Johnson Controls Inc.'s Equipment- IQ Wifi 6. The affected versions are IQ Wifi 6 all firmware versions prior to 2.0.2.
CVE ID: CVE-2023-3548 (High)
VMware has released security updates to address an information disclosure vulnerability in
VMware Tanzu Application Service for VMs and Isolation Segment. An attacker can exploit this
vulnerability to take control of an affected system.
CVE ID: CVE-2023-20891 (Medium)
A vulnerability has been discovered in MySQL Server that can result in an unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server. The affected versions are MySQL Server 8.0.33 and prior.
CVE ID: CVE-2023-22058 (Critical)
Emerson has released security updates to address an Authentication Bypass vulnerability in its equipment- ROC800-Series RTU, including ROC800, ROC800L, and DL8000 Preset Controllers. The affected versions are ROC809 & ROC827: all firmware versions, all hardware series, ROC809L & ROC827L: all firmware versions, and DL8000: all firmware versions and all hardware series.
CVE ID: CVE-2023-1935 (Critical)
A plaintext storage of a password vulnerability has been discovered in Infodrom Software E-Invoice Approval System that allows an attacker to read sensitive strings within an executable. The affected versions are E-Invoice Approval System before v.20230701.
CVE ID: CVE-2023-35067 (Critical)
A SQL injection vulnerability has been discovered in Infodrom Software E-Invoice Approval System. The affected versions are E-Invoice Approval System before v.20230701.
CVE ID: CVE-2023-35066 (Critical)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the David Pokorny Replace Word plugin. The affected versions are David Pokorny Replace Word plugin 2.1 and below.
CVE ID: CVE-2023-37973 (Critical)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Kemal YAZICI -
PluginPress Shortcode IMDB plugin. The affected versions are Kemal YAZICI - PluginPress
Shortcode IMDB plugin 6.0.8 and below.
CVE ID: CVE-2023-37892 (Critical)
A Denial of Service (DoS) vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK CP300+ V5.2cu.7594.
CVE ID: CVE-2023-34669 (Critical)
An authorization bypass vulnerability has been discovered in Origin Software ATS Pro. The
affected versions are ATS Pro: before 20230714.
CVE ID: CVE-2023-2958 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Querlo Chatbot WordPress
plugin. The affected versions are Querlo Chatbot WordPress plugin through 1.2.4.
CVE ID: CVE-2023-3418 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in QAutochat Automatic
Conversation WordPress plugin. The affected versions are QAutochat Automatic Conversation
WordPress plugin through 1.1.7.
CVE ID: CVE-2023-3041 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Layui. The affected versions are Layui up to v2.8.0-rc.16.
CVE ID: CVE-2023-3691 (Critical)
A vulnerability has been discovered in Plane, an open-source, self-hosted project planning tool, that allows an attacker to view all stored server files of all users. The affected version is Plane 0.7.1.
CVE ID: CVE-2023-2268 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in the GitHub repository plaidweb/webmention.js. The affected versions are webmention.js prior to 0.5.5.
CVE ID: CVE-2023-3672 (Critical)
An iSCSI dissector crash vulnerability has been discovered in Wireshark that allows Denial of Service (DoS) via packet injection or a crafted capture file. The affected versions are Wireshark 4.0.0 to 4.0.6.
CVE ID: CVE-2023-3649 (Critical)
A Kafka dissector crash vulnerability has been discovered in Wireshark that allows Denial of Service (DoS) via packet injection or a crafted capture file. The affected versions are Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14.
CVE ID: CVE-2023-3648 (Critical)
It has been discovered that Alaris Systems Manager does not perform input validation during the Device Import Function.
CVE ID: CVE-2023-30564 (Critical)
A Remote Unauthenticated API Access vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM). Ivanti has released a security patch to address this vulnerability.
CVE ID: CVE-2023-35078 (Critical)
An improper restriction of XML external entity references (XXE) vulnerability has been discovered in the Applicant Programme. The affected versions are Applicant Programme Ver.7.06 and earlier.
CVE ID: CVE-2023-32639 (Low)
Citrix has released security updates to address CPU hardware vulnerabilities in Citrix
Hypervisor. The affected versions are Citrix Hypervisor running on AMD Zen 2 CPUs.
CVE ID: CVE-2023-20593 (High)
WordPress has released a security update to resolve a Stored Cross-Site Scripting (XSS) vulnerability in the Custom Field For WP Job Manager plugin. The affected versions are Custom Field For WP Job Manager versions up to, and including, 1.1.
CVE ID: CVE-2023-3328 (Medium)
WordPress has released a security update to resolve a Cross-Site Request Forgery vulnerability in the Local Development plugin. The affected versions are Local Development versions up to, and including, 2.8.2.
CVE ID: CVE-2023-3328 (Medium)
Apple has released security updates to address multiple vulnerabilities in its various products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-38572, CVE-2023-38594, CVE-2023-38595, CVE-2023-38600, CVE-2023-38611, CVE-2023-38597, CVE-2023-38133, CVE-2023-38136, CVE-2023-38580, CVE-2023-32416, CVE-2023-32734, CVE-2023-32441, CVE-2023-38261, CVE-2023-38424, CVE-2023-38425, CVE-2023-38606, CVE-2023-32381, CVE-2023-32433, CVE-2023-35993, CVE-2023-38410, CVE-2023-38603, CVE-2023-38565, CVE-2023-38593, CVE-2023-32437
A format string vulnerability has been discovered in ASUS RT-AX56U V2 & RT-AC86U that can allow remote arbitrary code execution, arbitrary system operations, or disruption of services. The affected versions are RT-AX56U V2: 3.0.0.4.386_50460, and RT-AC86U: 3.0.0.4_386_51529.
CVE ID: CVE-2023-35087 (Critical)
A format string vulnerability has been discovered in ASUS RT-AX56U V2 & RT-AC86U that can allow remote arbitrary code execution, arbitrary system operations, or disruption of services. The affected versions are RT-AX56U V2: 3.0.0.4.386_50460, and RT-AC86U: 3.0.0.4_386_51529.
CVE ID: CVE-2023-35086 (Critical)
An OS command injection vulnerability has been discovered in HGiga iSherlock. The affected
versions are iSherlock 4.5 before iSherlock-user-4.5-174, and iSherlock 5.5 before
iSherlock-user-5.5-174.
CVE ID: CVE-2023-37292 (Critical)
A stack overflow vulnerability has been discovered in Tenda F1202. The affected versions are
Tenda F1202 V1.0BR_V1.2.0.20(408), and FH1202_V1.2.0.19_EN.
CVE ID: CVE-2023-37723 (Critical)
It has been discovered that a vulnerability in Grafana can lead to account takeover and
authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
CVE ID: CVE-2023-3128 (Critical)
A directory traversal vulnerability has been discovered in Snow Monkey Forms that allow to
delete arbitrary files on the server. The affected versions are Snow Monkey Forms v5.1.1 and
earlier.
CVE ID: CVE-2023-32623 (Critical)
Mozilla has released a security update to address use-after-free and file extension spoofing
vulnerabilities in Thunderbird 115.0.1. An attacker can exploit these vulnerabilities to
take
control of an affected system.
CVE ID: CVE-2023-3600 (High), CVE-2023-3417 (Medium)
It has been discovered that ssh-add in OpenSSH adds smartcard keys to ssh-agent without the
intended per-hop destination constraints that may  lead to disclosure of sensitive
information,
addition or modification of data, or Denial of Service (DoS). Â The affected version is
OpenSSH
8.9.
CVE ID: CVE-2023-28531 (Critical)
A file upload vulnerability has been discovered in Online Piggery Management System. The affected version is Online Piggery Management System 1.0.
CVE ID: CVE-2023-37629 (Critical)
A SQL injection vulnerability has been discovered in Online Piggery Management System. The affected version is Online Piggery Management System 1.0.
CVE ID: CVE-2023-37628 (Critical)
A lack of integrity check vulnerability has been discovered in DigiExam that allows access to PII and account takeover on shared computers. The affected versions are DigiExam up to v14.0.2.
CVE ID: CVE-2023-33668 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in RocketMQ NameServer because the earlier vulnerability CVE-2023-33246 was not completely resolved in version 5.1.1. Updates are available.
CVE ID: CVE-2023-37582 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in DedeCMS. The affected version is DedeCMS 5.7.109.
CVE ID: CVE-2023-3578 (Critical)
An unauthenticated privilege escalation vulnerability has been discovered in the MStore API plugin for WordPress. The affected versions are MStore API WordPress plugin before 3.9.9.
CVE ID: CVE-2023-3076 (Critical)
Cisco has released security updates to address several vulnerabilities in Cisco Small Business SPA500 Series IP Phones and Cisco BroadWorks software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20181 (Medium), CVE-2023-20218 (Medium), CVE-2023-20216 (Medium)
Google has released Chrome 116 Beta channel for Windows, Mac and Linux, LTC-114 version 114.0.5735.143 (Platform Version: 15437.0) for most ChromeOS devices, Dev channel 116.0.5845.42 for Windows, Mac and Linux, and LTS channel 108.0.5359.238 (Platform Version: 15183.101.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2931 (High), CVE-2023-2932 (High), CVE-2023-2933 (High)
Foxit has released updated Foxit PDF Reader 12.1.3 and Foxit PDF Editor 12.1.3 to resolve multiple vulnerabilities in Foxit PDF Reader 12.1.2.15332 and earlier, and Foxit PDF Editor 12.1.2.15332 and all previous 12.x versions, 11.2.6.53790 and all previous 11.x versions, and 10.1.12.37872 and earlier.
Atlassian has released a security bulletin to resolve multiple vulnerabilities affecting its products.
CVE ID: CVE-2023-22505 (High), CVE-2023-22508 (High), CVE-2023-22506 (High)
An uncontrolled resource consumption vulnerability has been discovered in Rockwell Automation's Equipment- Kinetix 5700. The affected version is Rockwell Automation Kinetix 5700 V13.001.
CVE ID: CVE-2023-2263 (High)
Multiple vulnerabilities have been discovered in Keysight Technologies' Equipment- N6854A Geolocation Server. The affected versions are N6854A Geolocation Server 2.4.2 and prior.
CVE ID: CVE-2023-36853 (High), CVE-2023-34394 (High)
Multiple vulnerabilities have been discovered in Iagona's Equipment- ScrutisWeb that can allow upload and execution of arbitrary files. The affected versions are ScrutisWeb 2.1.37 and prior.
CVE ID: CVE-2023-33871 (High), CVE-2023-38257 (High), CVE-2023-35763 (Medium), CVE-2023-35189 (Critical)
Multiple vulnerabilities have been discovered in Weintek's Equipment- Weincloud. The affected versions are Weintek Weincloud Account API 0.13.6 and prior.
CVE ID: CVE-2023-35134 (High), CVE-2023-37362 (High), CVE-2023-32657 (Medium), CVE-2023-34429 (High)
An improper authentication vulnerability has been discovered in GeoVision's Equipment- GV-ADR2701 that allows unauthorised login to the camera's web application. The affected version is GV-ADR2701 V1.00_2017_12_15.
CVE ID: CVE-2023-3638 (Critical)
A heap-based buffer overflow vulnerability has been discovered in GE Digital's Equipment- CIMPLICITY that can cause memory corruption issues resulting in unwanted behaviour such as code execution. The affected versions are all versions of CIMPLICITY.
CVE ID: CVE-2023-3463 (Medium)
WellinTech has released security updates to address multiple vulnerabilities in its equipment- KingHistorian. The affected version is WellinTech KingHistorian 35.01.00.05.
CVE ID: CVE-2022-45124 (High), CVE-2022-43663 (High)
Oracle has released its critical patch update for July 2023 to address 508 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-21975 (Critical), CVE-2023-21974 (Critical), CVE-2023-20873 (Critical), CVE-2023-20862 (Critical)
Oracle has released its Critical patch update for Linux July 2023 to address several vulnerabilities affecting multiple products. A remote attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29402 (Critical), CVE-2023-29404 (Critical), CVE-2023-29405 (Critical)
A SQL injection vulnerability has been discovered in PrestaShop vivawallet. The affected versions are PrestaShop vivawallet v.1.7.10 and before.
CVE ID: CVE-2023-26861 (Critical)
Oracle has released its critical patch update for Solaris Third Party July 2023 to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-37434 (Critical), CVE-2023-34416 (Critical)
Adobe has released security updates to address an arbitrary code execution vulnerability in Adobe ColdFusion. The affected versions are ColdFusion 2023, 2021 and 2018.
CVE ID: CVE-2023-38203 (Critical)
A Cross-site Scripting (XSS) vulnerability has been discovered in Rockwell Automation's Equipment- PowerMonitor 1000 that can allow Remote Code Execution (RCE) and potentially the complete loss of confidentiality, integrity, and availability of the product. The affected version is PowerMonitor 1000 V4.011.
CVE ID: CVE-2023-2072 (High)
Multiple vulnerabilities have been discovered in Honeywell's Equipment- Experion PKS, LX, and PlantCruise that can cause a Denial of Service (DoS) condition and can allow privilege escalation or Remote Code Execution (RCE). The affected versions are Experion PKS: versions prior to R520.2, Experion LX: versions prior to R520.2, and Experion PlantCruise: versions prior to R520.2.
CVE ID: CVE-2023-23585 (Critical), CVE-2023-25078 (Critical), CVE-2023-25948 (Critical), CVE-2023-26597 (High), CVE-2023-24480 (Critical), CVE-2023-25770 (Critical), CVE-2023-25178 (High), CVE-2023-22435 (Critical), CVE-2023-24474 (Critical)
Multiple vulnerabilities have been discovered in BD's Equipment- Alaris PCU, Guardrails Editor, Systems Manager, Calculation Services, CQI Reporter that can allow an attacker to compromise sensitive data, hijack a session, modify firmware, make changes to system configurations, among other system impacts. The affected versions are BD Alaris Point-of-Care Unit (PCU) Model 8015: Versions 12.1.3 and prior, BD Alaris Guardrails Editor: Versions 12.1.2 and prior, BD Alaris Systems Manager: Versions 12.3 and prior, CQI Reporter: v10.17 and prior, and Calculation Services: Versions 1.0 and prior.
CVE ID: CVE-2023-30559 (Medium), CVE-2023-30560 (Medium), CVE-2023-30561 (Medium), CVE-2023-30562 (Medium), CVE-2023-30563 (High), CVE-2023-30564 (Medium), CVE-2023-30565 (Low), CVE-2018-1285 (Low)
A SQL Injection vulnerability has been discovered in VegaGroup Web Collection. The affected versions are Web Collection before 31197.
CVE ID: CVE-2023-35070 (Critical)
An arbitrary file upload vulnerability has been discovered in the User Registration plugin for WordPress. The affected versions are User Registration plugin up to, and including, 3.0.2.
CVE ID: CVE-2023-3342 (Critical)
A stack overflow vulnerability has been discovered in Tenda. The affected versions are Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408).
CVE ID: CVE-2023-37712 (Critical)
A stack overflow vulnerability has been discovered in Tenda. The affected versions are Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47.
CVE ID: CVE-2023-37711 (Critical)
A command injection vulnerability has been discovered in TOTOLINK A3300R. The affected version is TOTOLINK A3300R V17.0.0cu.557_B20221024.
CVE ID: CVE-2023-37173 (Critical)
An Incorrect Access Control vulnerability has been discovered in TravianZ. The affected versions are TravianZ 8.3.4 and 8.3.3.
CVE ID: CVE-2023-36994 (Critical)
Ubuntu has released security updates to address several vulnerabilities in SciPy and Knot Resolver. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM.
CVE ID: CVE-2023-29824, CVE-2023-25399 (Medium), CVE-2022-40188
Juniper has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Palo Alto Networks has released security updates to address a vulnerability in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
CVE ID: CVE-2023-38046 (Medium)
WordPress has released a security update to resolve an authentication bypass vulnerability in the MailArchiver plugin. The affected versions are MailArchiver versions up to, and including, 2.10.1.
CVE ID: CVE-2023-3136 (High)
Google has released Chrome 115 (115.0.5790.85) for Android, Stable channel 115.0.5790.90 for Windows and Mac, Beta channel 115.0.5790.90 for Windows, Mac and Linux, Dev channel 116.0.5845.27 (Platform version: 15509.20.0) for most ChromeOS devices, Chrome Stable 115 (115.0.5790.84) for iOS, and Chrome Beta 115 (115.0.5790.85) for Android.
A command injection vulnerability has been discovered in TOTOLINK LR350. The affected version is TOTOLINK LR350 V9.3.5u.6369_B20220309.
CVE ID: CVE-2023-37149 (Critical)
An arbitrary code execution vulnerability has been discovered in Zimbra Collaboration (ZCS). The affected versions are Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0.
CVE ID: CVE-2023-29382 (Critical)
A privilege escalation vulnerability has been discovered in Zimbra Collaboration (ZCS). The affected versions are Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0.
CVE ID: CVE-2023-29381 (Critical)
A buffer overflow vulnerability has been discovered in the modem pinctrl module that affects the integrity and availability of the modem.
CVE ID: CVE-2023-37245 (Critical)
Rockwell Automation has released a security update to address an Out-of-bounds Write vulnerability in its equipment- 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT that can allow malicious actors to gain remote access to the running memory of the module and perform malicious activity.
CVE ID: CVE-2023-3595 (Critical), CVE-2023-3596 (High)
Cisco has released security updates to address an Unauthenticated REST API Access vulnerability in Cisco SD-WAN vManage. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20214 (Critical)
Multiple vulnerabilities have been discovered in several Zoom products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-36538 (High), CVE-2023-36537 (High), CVE-2023-36536 (High), CVE-2023-34119 (High), CVE-2023-34118 (High), CVE-2023-34117 (Low), CVE-2023-34116 (High)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released security updates to address multiple vulnerabilities in Citrix Secure Access client for Ubuntu and Citrix Secure Access client for Windows. The affected versions are Citrix Secure Access client for Ubuntu versions before 23.5.2, and Citrix Secure Access client for Windows versions before 23.5.1.3.
CVE ID: CVE-2023-24492 (Critical), CVE-2023-24491 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-25910 (Critical), CVE-2022-1292 (Critical), CVE-2022-30767 (Critical), CVE-2023-29130 (Critical), CVE-2023-29131 (High), CVE-2022-1292 (Critical)
Remote code execution vulnerabilities have been reported in Windows and Office products. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim.
CVE ID: CVE-2023-36884 (High)
Fortinet has released security updates to address an insufficient session expiration vulnerability in the FortiOS REST API that can allow reuse of the session of a deleted user and obtaining the API token. The affected products are FortiOS version 7.2.0 through 7.2.4, and FortiOS 7.0 all versions.
CVE ID: CVE-2023-28001 (Medium)
Mozilla has released a security update to address a use-after-free vulnerability in Firefox 115.0.2 and Firefox ESR 115.0.2. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-3600 (High)
Johnson Controls has released a security update to resolve an improper authentication vulnerability in its equipment- iSTAR. The affected versions are all iSTAR Ultra and iSTAR Ultra LT after firmware version 6.8.6 and prior to 6.9.2 CU01, and all iSTAR Ultra G2 and iSTAR Edge G2 firmware versions prior to 6.9.2 CU01.
CVE ID: CVE-2023-3127 (High)
Panasonic has released a security update to address multiple vulnerabilities in its equipment- Control FPWIN Pro7. The affected versions are Panasonic Control FPWIN 7.6.0.3 and all previous versions.
CVE ID: CVE-2023-28728 (High), CVE-2023-28729 (High), CVE-2023-28730 (High)
An authentication bypass vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC-F Series that can allow login to the product by sending specially crafted packets.
CVE ID: CVE-2023-2846 (High)
Fortinet has released security updates to address a stack-based overflow vulnerability in FortiOS & FortiProxy that can allow execution of arbitrary code or commands via crafted packets. The affected products are FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and FortiProxy version 7.0.0 through 7.0.9.
CVE ID: CVE-2023-33308 (Critical)
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-32057 (Critical), CVE-2023-33150 (Critical), CVE-2023-35365 (Critical), CVE-2023-35366 (Critical), CVE-2023-35367 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe InDesign and Adobe ColdFusion. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29308 (High), CVE-2023-29309 (Medium), CVE-2023-29310 (Medium), CVE-2023-29311 (Medium), CVE-2023-29312 (Medium), CVE-2023-29313 (Medium), CVE-2023-29314 (Medium), CVE-2023-29315 (Medium), CVE-2023-29316 (Medium), CVE-2023-29317 (Medium), CVE-2023-29318 (Medium), CVE-2023-29319 (Medium), CVE-2023-29301 (Medium), CVE-2023-29298 (High), CVE-2023-29300 (Critical)
Rockwell Automation has released a security update to resolve a Cross Site Request Forgery (CSRF) vulnerability in its equipment- Enhanced HIM. The affected version is Enhanced HIM 1.001.
CVE ID: CVE-2023-2746 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-37196 (High), CVE-2023-37197 (High), CVE-2023-37198 (Medium), CVE-2023-37199 (Medium), CVE-2023-37200 (Medium), CVE-2023-29414 (High), CVE-2023-28003
It has been discovered that Hero Qubo allows TELNET access with root privileges by default, without a password. The affected version is Hero Qubo HCD01_02_V1.38_20220125.
CVE ID: CVE-2023-22906 (High)
Apple has released security updates to address a vulnerability in Safari 16.5.2, Rapid Security Response iOS 16.5.1 (a) & iPadOS 16.5.1 (a), and Rapid Security Response macOS Ventura 13.4.1 (a). An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-37450
An information disclosure vulnerability has been discovered in the Cisco ACI Multi-Site CloudSec Encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode that can allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.
CVE ID: CVE-2023-20185 (High)
Progress has released security updates to address multiple vulnerabilities in MOVEit Transfer. A threat actor can exploit some of these vulnerabilities to obtain sensitive information.
CVE ID: CVE-2023-36934 (Critical), CVE-2023-36932 (High), CVE-2023-36933 (High)
PiiGAB has released a security update to address multiple vulnerabilities in its equipment- M-Bus SoftwarePack 900S that can allow injection of arbitrary commands, theft of passwords, or tricking valid users into executing malicious commands.
CVE ID: CVE-2023-36859 (High), CVE-2023-33868 (Medium), CVE-2023-31277 (High), CVE-2023-35987 (Critical), CVE-2023-35765 (Medium), CVE-2023-32652 (High), CVE-2023-34995 (High), CVE-2023-34433 (High), CVE-2023-35120 (High)
VMware has released security updates to address an authentication bypass vulnerability in VMware SD-WAN (Edge). An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20899 (Medium)
Google has released Beta channel 115.0.5790.75 for Windows, Mac and Linux, Chrome Beta 115 (115.0.5790.69) for Android, and Chrome Beta 115 (115.0.5790.71) for iOS.
GitLab has released updated versions 16.1.2, 16.0.7, and 15.11.11 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2023-3484 (High)
Mozilla has released security updates to resolve multiple vulnerabilities in Firefox for iOS 115, Thunderbird 102.13, Firefox ESR 102.13, and Firefox 115. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-37455 (Medium), CVE-2023-37456 (Low), CVE-2023-37201 (High), CVE-2023-37202 (High), CVE-2023-37207 (Medium), CVE-2023-37208 (Medium), CVE-2023-37211 (High), CVE-2023-3482 (Medium), CVE-2023-37203, CVE-2023-37204 (Medium), CVE-2023-37205 (Medium), CVE-2023-37206 (Medium), CVE-2023-37209 (Medium), CVE-2023-37210 (Low), CVE-2023-37212 (High)
Moxa has released security updates to resolve a user enumeration vulnerability in the Moxa TN-5900 Series. The affected versions are TN-5900 Series 3.3 and earlier.
CVE ID: CVE-2023-3336
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the GitHub repository plantuml/plantuml. The affected versions are plantuml/plantuml prior to 1.2023.9.
CVE ID: CVE-2023-3432 (Critical)
A memory corruption vulnerability has been discovered in the OCB feature in libnettle of Nettle. The affected versions are Nettle 3.9 before 3.9.1.
CVE ID: CVE-2023-36660 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in the File Manager Advanced Shortcode WordPress plugin. The affected versions are File Manager Advanced Shortcode WordPress plugin through 2.3.2.
CVE ID: CVE-2023-2068 (Critical)
A SQL Injection vulnerability has been discovered in the Custom 404 Pro WordPress plugin. The affected versions are Custom 404 Pro WordPress plugin before 3.8.1.
CVE ID: CVE-2023-2032 (Critical)
A directory traversal vulnerability has been discovered in Talend Data Catalog. The affected versions are Talend Data Catalog before 8.0-20230221.
CVE ID: CVE-2023-36301 (Critical)
A path traversal vulnerability has been discovered in Trend Micro Apex One and Apex One as a Service that allows upload of an arbitrary file to the Management Server, which can lead to Remote Code Execution (RCE) with system privileges.
CVE ID: CVE-2023-32557 (Critical)
A path traversal vulnerability has been discovered in a specific service DLL of Trend Micro Mobile Security (Enterprise). The affected version is Trend Micro Mobile Security (Enterprise) 9.8 SP5.
CVE ID: CVE-2023-32521 (Critical)
An authentication bypass vulnerability has been discovered in the Web3 – Crypto wallet Login & NFT token gating plugin for WordPress. The affected versions are Web3 – Crypto wallet Login & NFT token gating plugin up to, and including, 2.6.0.
CVE ID: CVE-2023-3249 (Critical)
An authentication bypass vulnerability has been discovered in the BookIt plugin for WordPress. The affected versions are BookIt plugin up to, and including, 2.3.7.
CVE ID: CVE-2023-2834 (Critical)
An out-of-bounds memory read vulnerability has been discovered in Fortra Globalscape EFT. The affected versions are Fortra Globalscape EFT before 8.1.0.16.
CVE ID: CVE-2023-2989 (Critical)
A buffer overflow vulnerability has been discovered in Netgear R6250 Firmware. The affected version is Netgear R6250 Firmware 1.0.4.48.
CVE ID: CVE-2023-34563 (Critical)
An authentication bypass vulnerability has been discovered in Zoho ManageEngine ADSelfService Plus. The affected versions are Zoho ManageEngine ADSelfService Plus through 6113.
CVE ID: CVE-2023-35854 (Critical)
A SQL injection vulnerability has been discovered in Adiscon LogAnalyzer. The affected versions are Adiscon LogAnalyzer v4.1.13 and before.
CVE ID: CVE-2023-34600 (Critical)
An arbitrary code execution vulnerability has been discovered in Langchain. The affected version is Langchain 0.0.171.
CVE ID: CVE-2023-34541 (Critical)
An improper permission control vulnerability has been discovered in the Notepad app that can lead to privilege escalation.
CVE ID: CVE-2023-34159 (Critical)
A pre-authentication command injection vulnerability has been discovered in Zyxel NAS firmware that can allow remote execution of some Operating System (OS) commands by sending a crafted HTTP request. The affected versions are Zyxel NAS326 firmware prior to V5.21(AAZF.14)C0, NAS540 firmware prior to V5.21(AATB.11)C0, and NAS542 firmware prior to V5.21(ABAG.11)C0.
CVE ID: CVE-2023-27992 (Critical)
A memory corruption vulnerability has been discovered in Firefox 113. The affected versions are Firefox prior to Firefox 114.
CVE ID: CVE-2023-34417 (Critical)
An unauthenticated Blind SQL Injection vulnerability has been discovered in the MStore API plugin for WordPress. The affected versions are MStore API versions up to, and including, 4.0.1.
CVE ID: CVE-2023-3197 (Critical)
A buffer overflow vulnerability has been discovered in TP-Link Archer. The affected version is TP-Link Archer AX10(EU)_V1.2_230220.
CVE ID: CVE-2023-34832 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in OTCMS. The affected versions are OTCMS up to 6.62.
CVE ID: CVE-2023-3238 (Critical)
An insecure permissions vulnerability has been discovered in PublicCMS. The affected versions are PublicCMS V4.0.202302 and below.
CVE ID: CVE-2023-34852 (Critical)
A potential XML external entity injection vulnerability has been discovered in ArcSight Logger. The affected versions are ArcSight Logger prior to 7.3.0.
CVE ID: CVE-2023-24470 (Critical)
VMware has released security updates to address heap overflow, use-after-free, memory corruption, and out-of-bounds read vulnerabilities in VMware vCenter Server. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20892 (High), CVE-2023-20893 (High), CVE-2023-20894 (High), CVE-2023-20895 (High), CVE-2023-20896 (Medium)
A path traversal vulnerability has been discovered in SpiderControl's Equipment- SCADAWebServer that can result in a Denial of Service (DoS) condition. The affected versions are SCADAWebServer 2.08 and prior.
CVE ID: CVE-2023-3329 (Medium)
Advantech has released security updates to address hard-coded password and external control of file name or path vulnerabilities in its equipment- R-SeeNet that can allow authentication as a valid user or access to files on the system. The affected versions are R-SeeNet 2.4.22 and prior.
CVE ID: CVE-2023-2611 (Critical), CVE-2023-3256 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 23.04, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
Apple has released security updates to address multiple vulnerabilities in its various products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-32439, CVE-2023-32434, CVE-2023-32435
ISC has released security updates to address vulnerabilities affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-2911 (High), CVE-2023-2829 (High), CVE-2023-2828 (High)
Juniper has released security updates to address an improper input validation vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-0026 (High)
Google has released Stable channel 114.0.5735.143 (Platform version: 15437.57.0) for most ChromeOS devices, Chrome Beta 115 (115.0.5790.40) for Android, Beta channel 115.0.5790.40 for Windows, Linux and Mac, Chrome Beta 115 (115.0.5790.40) for iOS and LTS channel 108.0.5359.235 (Platform Version: 15183.98.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-3079, CVE-2023-2935, CVE-2023-0045, CVE-2023-32233
A command injection vulnerability has been discovered in Zyxel NAS. The affected products are Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. Zyxel has released security patches to address the vulnerability.
CVE ID: CVE-2023-27992 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Fortinet has released security updates to resolve a command injection vulnerability in FortiNAC that can allow copying of local files of the device to other local directories of the device via specially crafted input fields. The affected products are FortiNAC 9.4.0 through 9.4.3, and FortiNAC 7.2.0 through 7.2.1.
CVE ID: CVE-2023-33300 (Medium)
Fortinet has released security updates to resolve a deserialization of untrusted data vulnerability in some of its products that can allow execution of unauthorized code or commands. Security updates for FortiNAC 8.8 all versions, FortiNAC 8.7 all versions, FortiNAC 8.6 all versions, FortiNAC 8.5 all versions and FortiNAC 8.3 all versions are still not released.
CVE ID: CVE-2023-33299 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 23.04, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
WordPress has released security updates to resolve multiple vulnerabilities in its plugins. The affected products are CMS Commander plugin versions up to, and including, 2.287 and WP Sticky Social plugin versions up to, and including, 1.0.1.
Fortinet has released security updates to resolve a plaintext storage of a password vulnerability in FortiSIEM. The affected products are FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions and 5.3 all versions.
CVE ID: CVE-2023-26204 (Critical)
A vulnerability has been discovered in OMICARD EDM's file uploading function that can allow arbitrary system commands to be performed or services to be disrupted.
CVE ID: CVE-2023-32753 (Critical)
A vulnerability has been discovered in L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000's file uploading function that can allow arbitrary system commands to be performed or services to be disrupted.
CVE ID: CVE-2023-32752
Google has released Beta channel 115.0.5790.32 for Windows, Mac and Linux, Beta channel OS version: 15474.21.0 Browser version: 115.0.5790.30 for most ChromeOS devices, Chrome Beta 115 (115.0.5790.32) for Android and LTS channel 108.0.5359.234 (Platform Version: 15183.97.0) for most ChromeOS devices.
An arbitrary code execution vulnerability has been discovered in Adobe Commerce. The affected versions are Adobe Commerce versions 2.4.6 & earlier, 2.4.5-p2 & earlier and 2.4.4-p3 & earlier.
CVE ID: CVE-2023-29297 (Critical)
Microsoft has released a security update to resolve an elevation of privilege vulnerability
in
Microsoft SharePoint Server 2019.
CVE ID: CVE-2023-29357 (Critical)
A vulnerability has been discovered in TMT Lockcell that can cause privilege abuse
authentication bypass in affected systems.
CVE ID: CVE-2023-3050 (Critical)
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29357 (Critical), CVE-2023-29363 (Critical), CVE-2023-32014
(Critical),
CVE-2023-32015 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software.
An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29297 (Critical)
Fortinet has released security updates to address Heap-based Buffer Overflow vulnerability
in
FortiOS & FortiProxy SSL-VPN that can allow a remote attacker to execute arbitrary code
or
commands via specifically crafted requests.
CVE ID: CVE-2023-27997 (Critical)
Fuji Electric has released security updates to address multiple vulnerabilities in V-Server, V-Server Lite, TELLUS, and TELLUS Lite. The affected versions are V-Server v4.0.15.0 and earlier, V-Server Lite v4.0.15.0 and earlier, TELLUS v4.0.15.0 and earlier, and TELLUS Lite v4.0.15.0 and earlier.
CVE ID: CVE-2023-31239 (High), CVE-2023-32538 (High), CVE-2023-32273 (High), CVE-2023-32201 (High), CVE-2023-32288 (High), CVE-2023-32276 (High), CVE-2023-32270 (High), CVE-2023-32542 (High)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20178 (High), CVE-2023-20108 (High), CVE-2023-20006 (High), CVE-2023-20188 (High), CVE-2023-20116 (High), CVE-2023-20136 (High)
An escalation of privilege vulnerability has been discovered in the Splunk App for Stream. The affected versions are Splunk App for Stream versions below 8.1.1.
CVE ID: CVE-2023-32713 (Critical)
An escalation of privilege vulnerability has been discovered in Microworld Technologies eScan Management Console that allows the password of any admin or normal user to be retrieved in plain text format. The affected version is Microworld Technologies eScan Management Console 14.0.1400.2281.
CVE ID: CVE-2023-33730 (Critical)
An outbound HTTP request vulnerability has been discovered in Deno. The affected versions are deno 1.34.0 and deno_runtime 0.114.0.
CVE ID: CVE-2023-33966 (Critical)
A vulnerability has been discovered in the EZ Sync service that allows navigation beyond the intended directory structure and deletion of files. The affected products and versions include ADM 4.0.6.REG2, 4.1.0 and below, and ADM 4.2.1.RGE2 and below.
CVE ID: CVE-2023-2909 (Critical)
An OS command injection vulnerability has been discovered in the Dell NetWorker client that can lead to the execution of arbitrary OS commands on the application's underlying OS. The affected version is Dell NetWorker 19.6.1.2.
CVE ID: CVE-2023-25539 (Critical)
A vulnerability has been discovered in ImageMagick that can cause Remote Code Execution (RCE) in OpenBlob with --enable-pipes configured.
CVE ID: CVE-2023-34152 (Critical)
A vulnerability has been discovered in RIOT-OS that allows a crafted frame sent to the device to cause an out-of-bounds write in the packet buffer. The affected versions are RIOT-OS 2023.01 and prior.
CVE ID: CVE-2023-33975 (Critical)
Cisco has released security updates to resolve multiple privilege escalation vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server. The affected versions are Cisco Expressway Series and Cisco TelePresence Video Communication Server 14.0 and earlier.
CVE ID: CVE-2023-20105 (Critical), CVE-2023-20192 (High)
VMware has released a security update to address command injection, authenticated deserialization, and information disclosure vulnerabilities in VMware Aria Operations for Networks. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20887 (Critical), CVE-2023-20888 (Critical), CVE-2023-20889 (High)
Delta Electronics has released a security update to address stack-based buffer overflow and heap-based buffer overflow vulnerabilities in its CNCSoft-B DOPSoft equipment. The affected products are CNCSoft-B DOPSoft versions 1.0.0.4 and prior.
CVE ID: CVE-2023-25177 (High), CVE-2023-24014 (High)
Mozilla has released a security update to address multiple vulnerabilities in Firefox 114 and Firefox ESR 102.12. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-34414 (High), CVE-2023-34415 (Medium), CVE-2023-34416 (High), CVE-2023-34417 (High)
A command injection vulnerability has been discovered in Advanced Secure Gateway and Content Analysis. The affected versions are Advanced Secure Gateway and Content Analysis prior to 7.3.13.1 / 3.1.6.0.
CVE ID: CVE-2023-23952 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in D-Link DIR-846. The affected version is D-Link DIR-846 v1.00A52.
CVE ID: CVE-2023-33735 (Critical)
A permission bypass vulnerability has been discovered in JetBrains TeamCity. The affected versions are JetBrains TeamCity before 2023.05.
CVE ID: CVE-2023-34218 (Critical)
A SQL Injection vulnerability has been discovered in KramerAV VIA GO². The affected versions are KramerAV VIA GO² prior to 4.0.1.1326.
CVE ID: CVE-2023-33509 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in KramerAV VIA GO². The affected versions are KramerAV VIA GO² prior to 4.0.1.1326.
CVE ID: CVE-2023-33508 (Critical)
A command injection vulnerability has been discovered in TOTOLINK X5000R that allows arbitrary commands to be executed through the "ip" parameter. The affected versions are TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113.
CVE ID: CVE-2023-33487 (Critical)
A command injection vulnerability has been discovered in TOTOLINK X5000R that allows arbitrary commands to be executed through the "hostName" parameter. The affected versions are TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113.
CVE ID: CVE-2023-33486 (Critical)
A privilege escalation vulnerability has been discovered in edjing Mix for Android. The affected version is edjing Mix v.7.09.01 for Android.
CVE ID: CVE-2023-29734 (Critical)
Zyxel has released security updates to address privilege escalation and buffer overflow vulnerabilities in GS1900 series switches and 4G LTE and 5G NR outdoor routers, respectively.
CVE ID: CVE-2022-45853, CVE-2023-27989
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
WordPress has released a security update to resolve an authentication bypass vulnerability in the Visitor Traffic Real Time Statistics plugin. The affected versions are Visitor Traffic Real Time Statistics versions up to, and including, 6.7.
Google has released Chrome 114 (114.0.5735.60/.61) for Android, and Stable and Extended Stable channels 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows.
CVE ID: CVE-2023-3079 (High)
A vulnerability has been discovered in Abstrium Pydio Cells that leads to improper control of resource identifiers. The affected version is Abstrium Pydio Cells 4.2.0.
CVE ID: CVE-2023-2980 (Critical)
A vulnerability has been discovered in Abstrium Pydio Cells that leads to improper control of resource identifiers. The affected version is Abstrium Pydio Cells 4.2.0.
CVE ID: CVE-2023-2979 (Critical)
An authorization bypass vulnerability has been discovered in Abstrium Pydio Cells. The affected version is Abstrium Pydio Cells 4.2.0.
CVE ID: CVE-2023-2978 (Critical)
A prototype pollution vulnerability has been discovered in the GitHub repository antfu/utils. The affected versions are antfu/utils prior to 0.7.3.
CVE ID: CVE-2023-2972 (Critical)
A header spoofing vulnerability has been discovered in Emby Server that can allow administrative access to an Emby Server system, depending on certain user account settings.
CVE ID: CVE-2023-33193 (Critical)
A vulnerability has been discovered in Pomerium that can lead to incorrect authorisation decisions with specially crafted requests.
CVE ID: CVE-2023-33189 (Critical)
An information leakage vulnerability has been discovered in HGiga PowerStation that can allow the administrator's credentials to be obtained.
CVE ID: CVE-2023-24838 (Critical)
Moxa has released security updates to resolve multiple weak cryptographic algorithm vulnerabilities in the Moxa CN2600 Series. The affected versions are CN2600 Series firmware version 4.5 and lower.
FUJI ELECTRIC has released a security update to address multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader. The affected versions are FRENIC RHC Loader v1.1.0.3 and earlier.
CVE ID: CVE-2023-29160 (High), CVE-2023-29167 (High), CVE-2023-29498 (Medium)
Zyxel has released security updates to address multiple vulnerabilities related to a cyberattack targeting ZyWALL devices.
CVE ID: CVE-2023-28771, CVE-2023-33009, CVE-2023-33010
Microsoft has released Microsoft Edge Extended Stable Channel (Version 114.0.1823.37) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-29345 (Medium), CVE-2023-33143 (High)
An insufficient authentication vulnerability has been discovered in a Hitron Technologies product. The affected version is Hitron Technologies CODA-5310.
CVE ID: CVE-2023-30604 (Critical)
A SQL Injection vulnerability has been discovered in ELITE TECHNOLOGY CORP. Web Fax that can allow a remote attacker to perform arbitrary system commands, disrupt service or terminate service.
CVE ID: CVE-2023-28701 (Critical)
An insufficient authorization check vulnerability has been discovered in Wade Graphic Design FANTSY that can allow an unauthenticated remote user to perform arbitrary system operations or disrupt service.
CVE ID: CVE-2023-28698 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Tenda AC6. The affected version is Tenda AC6 US_AC6V1.0BR_V15.03.05.19.
CVE ID: CVE-2023-2923 (Critical)
An XSS vulnerability has been discovered in InstantPlay of Galaxy Store that allows attackers to execute a JavaScript API to install an APK from Galaxy Store. The affected versions are InstantPlay of Galaxy Store prior to version 4.5.49.8.
CVE ID: CVE-2023-21516 (Critical)
An improper scheme validation vulnerability has been discovered in InstantPlay Deeplink of Galaxy Store that allows attackers to execute a JavaScript API to install an APK from Galaxy Store. The affected versions are InstantPlay Deeplink of Galaxy Store prior to version 4.5.49.8.
CVE ID: CVE-2023-21514 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-1829 (High), CVE-2023-1872 (High), CVE-2023-1989 (High), CVE-2023-30846 (High), CVE-2023-20873 (Critical), CVE-2023-2236 (High)
A remote command injection vulnerability has been discovered in Barracuda Email Security Gateway. The affected versions are Barracuda Email Security Gateway 5.1.3.001 to 9.2.0.006.
CVE ID: CVE-2023-2868 (Critical)
Delta Electronics has released a security update to address a use of hard-coded credentials vulnerability in its DIAEnergie equipment that can lead to Remote Code Execution (RCE). The affected products are DIAEnergie version 1.9.03.009 and prior.
CVE ID: CVE-2022-3214 (Critical)
Multiple vulnerabilities, such as code injection and unrestricted upload of files with dangerous types, have been discovered in Advantech's WebAccess Node equipment. The affected versions are Advantech WebAccess/SCADA 9.1.3 and prior. A mitigation is available.
CVE ID: CVE-2023-32540 (High), CVE-2023-22450 (High), CVE-2023-32628 (High)
It has been discovered that the External Visitor Manager portal of HID SAFE is vulnerable to manipulation of web fields in the Application Programmable Interface (API), which can result in exposure of personal data or create a Denial of Service (DoS) condition. The affected versions are HID SAFE 5.8.0 through 5.11.3.
CVE ID: CVE-2023-2904 (High)
An improper input validation vulnerability has been discovered in Hitachi Energy's Relion 670, 650, and SAM600-IO equipment that can reboot the device repeatedly, resulting in a Denial of Service (DoS) condition. The affected products are Relion 670 series versions 1.1, 1.2.3, 2.0, 2.1, 2.2.2, 2.2.3; Relion 670/650 series version 2.2.0; Relion 670/650/SAM600-IO series version 2.2.1; and Relion 650 series versions 1.1, 1.2, 1.3. Security updates and mitigation are available.
CVE ID: CVE-2021-27196 (High)
Ubuntu has released security updates to address several vulnerabilities in the Linux kernel, CUPS, and Avahi. The affected products are Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins are the Groundhogg plugin, Directorist plugin, Uncanny Toolkit for LearnDash plugin, wpForo Forum plugin, WP Directory Kit plugin, Bookly plugin, and Web Directory Free plugin. Security updates and patches are available for some plugins.
CVE ID: CVE-2023-34178 (Medium), CVE-2023-1888 (High), CVE-2023-2249 (High), CVE-2023-2835 (Medium), CVE-2023-1889 (Medium), CVE-2023-1159 (Medium), CVE-2023-2201 (High)
Google has released Chrome Stable 114 (114.0.5735.99) for iOS; Dev channel OS version 15474.9.0 (Browser version 115.0.5790.13) for most ChromeOS devices; Dev channel 116.0.5803.2 for Windows, Mac and Linux; and Chrome Dev 116 (116.0.5803.0) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An authentication bypass vulnerability has been discovered in the user_oidc app, an OpenID Connect user backend for Nextcloud. A security update is available.
CVE ID: CVE-2023-32074 (Critical)
A SQL injection vulnerability has been discovered in the Store Commander scfixmyprestashop module of PrestaShop. The affected versions are the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop.
CVE ID: CVE-2023-33279 (Critical)
An improper validation of array index vulnerability has been discovered in the spreadsheet component of The Document Foundation LibreOffice that can cause an array index underflow when loaded. The affected versions are The Document Foundation LibreOffice 7.4 versions prior to 7.4.6, and 7.5 versions prior to 7.5.1.
CVE ID: CVE-2023-0950 (Critical)
Multiple vulnerabilities have been discovered in Mitsubishi Electric's MELSEC iQ-R Series/iQ-F Series EtherNet/IP modules and EtherNet/IP configuration tools that allow an attacker to connect to the module via FTP and bypass authentication to log in illegally.
CVE ID: CVE-2023-2060 (High), CVE-2023-2061 (Medium), CVE-2023-2062 (Medium), CVE-2023-2063 (Medium)
Progress has released security updates to address a SQL injection vulnerability in the MOVEit Transfer web application that can allow unauthorized access to MOVEit Transfer's database. The affected versions are Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1).
Foxit has released Foxit PDF Editor 11.2.6 to resolve multiple vulnerabilities in Foxit PDF Editor 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier.
CONPROSYS HMI System (CHS) has released a security update to address multiple vulnerabilities in its products. The affected versions are CONPROSYS HMI System (CHS) versions prior to 3.5.3.
CVE ID: CVE-2023-28713 (Medium), CVE-2023-28399 (High), CVE-2023-28657 (High), CVE-2023-28651 (Medium), CVE-2023-28824 (Medium), CVE-2023-29154 (Medium), CVE-2023-2758 (Low)
WordPress has released security updates to resolve an IP Address Spoofing vulnerability in the Brizy Page Builder plugin. The affected versions are Brizy Page Builder versions up to, and including, 2.4.18.
CVE ID: CVE-2023-2897 (Low)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins are the Donation Platform for WooCommerce: Fundraising & Donation Management plugin and the Formidable Forms plugin. Security updates and patches are available.
Drupal has released security updates to address multiple vulnerabilities in third-party plugins such as AddToAny Share Buttons, Consent Popup, and Iubenda Integration.
Google has released Dev channel OS version 15474.5.0 (Browser version 115.0.5790.7) for most ChromeOS devices, Chrome Beta 115 (115.0.5790.13) for iOS, Chrome Beta 115 (115.0.5790.13) for Android, and Chrome Beta 115.0.5790.13 for Windows, Mac and Linux.
A Server-Side Template Injection (SSTI) vulnerability via the formats parameter has been discovered in Camaleon CMS. The affected version is Camaleon CMS v2.7.0.
CVE ID: CVE-2023-30145 (Critical)
A vulnerability that allows generation of incorrect security tokens has been discovered in CBOT Chatbot, causing token impersonation and privilege abuse. The affected versions are Chatbot before Core v4.0.3.4 and Panel v4.0.3.7.
CVE ID: CVE-2023-2882 (Critical)
A file upload vulnerability that leads to command execution has been discovered in SofaWiki. The affected versions are SofaWiki 3.8.9 and below.
CVE ID: CVE-2023-29721 (Critical)
An arbitrary script execution vulnerability has been discovered in Mitel MiVoice Connect. The affected versions are Mitel MiVoice Connect 19.3 SP2 (22.24.1500.0) and earlier.
CVE ID: CVE-2023-31457 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in SQLite JDBC. The affected versions are sqlite-jdbc 3.6.14.1 through 3.41.2.1. A security update is available.
CVE ID: CVE-2023-32697 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Pleasanter. The affected versions are Pleasanter 1.3.38.1 and earlier.
CVE ID: CVE-2023-30758 (Medium)
A use of hard-coded cryptographic key vulnerability has been discovered in DataSpider Servista. The affected versions are DataSpider Servista 4.4 and earlier.
CVE ID: CVE-2023-28937 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An authorization bypass vulnerability has been discovered in the Wordapp plugin for WordPress. The affected versions are Wordapp versions up to, and including, 1.5.0.
CVE ID: CVE-2023-2987 (Critical)
Joomla has released a security update to resolve a lack of rate limiting vulnerability in Joomla CMS that allows brute force attacks against MFA methods. The affected versions are Joomla CMS versions 4.2.0 to 4.3.1.
CVE ID: CVE-2023-23755 (Critical)
OpenSSL has released security updates to address a vulnerability in OpenSSL that can lead to a Denial of Service (DoS). The affected versions are OpenSSL 3.0.x, OpenSSL 3.1.x, OpenSSL 1.1.1 and OpenSSL 1.0.2.
CVE ID: CVE-2023-2650 (Medium)
An insufficient type distinction vulnerability has been discovered in Advantech's WebAccess/SCADA product that can allow full control over the supervisory control and data acquisition (SCADA) server. The affected version is WebAccess/SCADA 8.4.5. Mitigations are available.
CVE ID: CVE-2023-2866 (High)
VMware has released security updates to address an insecure redirect vulnerability in Workspace ONE Access, Identity Manager and VMware Cloud Foundation that can allow a victim to be redirected to an attacker-controlled domain due to improper path handling, leading to sensitive information disclosure.
CVE ID: CVE-2023-20884 (Medium)
Google has released Chrome 114 (114.0.5735.57/.58) for Android; Beta channel OS version 15437.311.0 (Browser version 114.0.5735.84) for most ChromeOS devices; Chrome Stable 114 (114.0.5735.50) for iOS; Stable channel 114.0.5735.90 for Linux and Mac and 114.0.5735.90/91 for Windows; and Extended Stable channel 114.0.5735.90 for Mac and 114.0.5735.91 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2929 (High), CVE-2023-2930 (High), CVE-2023-2931 (High), CVE-2023-2932 (High), CVE-2023-2933 (High), CVE-2023-2934 (High), CVE-2023-2935 (High), CVE-2023-2936 (High), CVE-2023-2937 (Medium), CVE-2023-2938 (Medium), CVE-2023-2939 (Medium), CVE-2023-2940 (Medium), CVE-2023-2941 (Low)
A logging security vulnerability has been discovered in Hitachi Energy's FOXMAN-UN and UNEM products. An attacker can exploit this vulnerability to take control of an affected system. Mitigations are available.
CVE ID: CVE-2023-1711 (Medium)
An authentication bypass vulnerability has been discovered in the MStore API plugin for WordPress. The affected versions are MStore API versions up to, and including, 3.9.1.
CVE ID: CVE-2023-2734 (Critical)
A buffer overflow vulnerability has been discovered in the GarminOS TVM component of the CIQ API. The affected versions are the GarminOS TVM component of CIQ API version 1.0.0 through 4.1.7.
CVE ID: CVE-2023-23305 (Critical)
A vulnerability has been discovered in the GarminOS TVM component of the CIQ API that allows potentially private or sensitive information to be disclosed. The affected versions are the GarminOS TVM component of CIQ API version 2.1.0 through 4.1.7.
CVE ID: CVE-2023-23304 (Critical)
A directory traversal vulnerability has been discovered in Snow Monkey Forms that allows sensitive information to be obtained, the website to be altered, or a Denial of Service (DoS) condition to be caused. The affected versions are Snow Monkey Forms v5.0.6 and earlier.
CVE ID: CVE-2023-28413 (Critical)
A path traversal vulnerability has been discovered in MicroEngine Mailform that allows an arbitrary file to be saved on the server and executed. The affected versions are MicroEngine Mailform 1.1.0 to 1.1.8.
CVE ID: CVE-2023-27507 (Critical)
A code injection vulnerability has been discovered in Drive Explorer for macOS that allows arbitrary files to be read and/or written without the access privileges. The affected versions are Drive Explorer for macOS versions 3.5.4 and earlier.
CVE ID: CVE-2023-25953 (Critical)
It has been discovered that D-Link DIR-300 firmware is vulnerable to file inclusion via /model/__lang_msg.php. The affected versions are D-Link DIR-300 firmware REVA1.06 and below, and REVB2.06 and below.
CVE ID: CVE-2023-31814 (Critical)
It has been discovered that SolarView Compact is vulnerable to insecure permissions. The affected versions are SolarView Compact 6.0 and below.
CVE ID: CVE-2023-29919 (Critical)
A deserialization of untrusted data vulnerability has been discovered in Sitecore Experience Platform that allows arbitrary code to be run via ValidationResult.aspx. The affected versions are Sitecore Experience Platform through 10.2.
CVE ID: CVE-2023-27068 (Critical)
Debian has released a security update to resolve a buffer overflow vulnerability in the Kamailio SIP telephony server. The affected versions are Kamailio SIP server before 5.5.0.
CVE ID: CVE-2020-27507 (Critical)
Starlette has released a security update to address a directory traversal vulnerability in its products. The affected versions are Starlette 0.13.5 and later and prior to 0.27.0.
CVE ID: CVE-2023-29159 (Low)
Zyxel has released security updates to address a post-authentication command injection vulnerability in NAS products. The affected versions are NAS326 V5.21(AAZF.12)C0 and earlier, NAS540 V5.21(AATB.9)C0 and earlier, and NAS542 V5.21(ABAG.9)C0 and earlier.
CVE ID: CVE-2023-27988
A vulnerability has been discovered in Netbox that allows queries to be executed against the GraphQL database, granting access to sensitive data stored in the database. The affected version is Netbox v3.5.1.
CVE ID: CVE-2023-33796 (Critical)
WordPress has released security updates to resolve multiple Cross Site Request Forgery (CSRF) vulnerabilities in the WP EasyCart plugin. The affected versions are WP EasyCart versions up to, and including, 5.4.8.
CVE ID: CVE-2023-2896 (Medium), CVE-2023-2895 (Medium), CVE-2023-2894 (Medium), CVE-2023-2893 (Medium), CVE-2023-2892 (Medium), CVE-2023-2891 (Medium)
A directory traversal vulnerability has been discovered in ESS REC Agent Server Edition for Linux. The affected versions are ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1.
CVE ID: CVE-2023-28382 (High)
Cisco has released security updates to address a CLI arbitrary file write vulnerability in Cisco Firepower Threat Defense (FTD) software that can allow arbitrary data to be overwritten or appended to system files using root-level privileges.
CVE ID: CVE-2021-34761 (High)
A SQL Injection vulnerability has been discovered in AGT Tech Ceppatron. All versions of AGT Tech Ceppatron software are affected.
CVE ID: CVE-2023-2851 (Critical)
An Authentication Bypass vulnerability has been discovered in CBOT Chatbot. The affected versions are Chatbot before Core v4.0.3.4 and Panel v4.0.3.7.
CVE ID: CVE-2023-2887 (Critical)
WordPress has released a security update to resolve a SQL Injection vulnerability in the User Activity Log plugin. The affected versions are User Activity Log versions up to, and including, 1.6.1.
Google has released Dev channel 115.0.5790.3 for Windows, Mac and Linux, LTS channel 108.0.5359.232 (Platform Version 15183.95.0) for most ChromeOS devices, and Chrome Dev 115 (115.0.5790.5) for Android.
CVE ID: CVE-2023-2458 (High)
A Channel Accessible by Non-Endpoint vulnerability has been discovered in CBOT Chatbot that allows Adversary in the Middle (AiTM) attacks. The affected versions are Chatbot before Core v4.0.3.4 and Panel v4.0.3.7.
CVE ID: CVE-2023-2885 (Critical)
A Generation of Incorrect Security Tokens vulnerability has been discovered in CBOT Chatbot that allows Token Impersonation and Privilege Abuse. The affected versions are Chatbot before Core v4.0.3.4 and Panel v4.0.3.7.
CVE ID: CVE-2023-2882 (Critical)
A NULL Pointer Dereference vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are gpac/gpac prior to 2.2.2.
CVE ID: CVE-2023-2840 (Critical)
An Out-of-bounds Read vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are gpac/gpac prior to 2.2.2.
CVE ID: CVE-2023-2838 (Critical)
A Remote code execution vulnerability has been discovered in IBM InfoSphere Information Server. The affected version is IBM InfoSphere Information Server 11.7.
CVE ID: CVE-2023-32336 (Critical)
An Insecure Direct Object References vulnerability has been discovered in the WooCommerce Memberships for Multivendor Marketplace plugin for WordPress. The affected versions are WooCommerce Memberships for Multivendor Marketplace plugin versions up to, and including, 2.10.7.
CVE ID: CVE-2023-2276 (Critical)
An arbitrary file upload vulnerability has been discovered in PerfreeBlog. The affected version is PerfreeBlog v3.1.2.
CVE ID: CVE-2023-30333 (Critical)
A Command Injection vulnerability has been discovered in TOTOLINK A3300R. The affected version is TOTOLINK A3300R v17.0.0cu.557.
CVE ID: CVE-2023-31729 (Critical)
A Path Traversal vulnerability has been discovered in the GitHub repository mlflow/mlflow. The affected versions are mlflow/mlflow prior to 2.3.1.
CVE ID: CVE-2023-2780 (Critical)
A Stack overflow vulnerability has been discovered in D-Link DIR-605L. The affected version is D-Link DIR-605L firmware version 1.17B01 BETA.
CVE ID: CVE-2023-29961 (Critical)
An OS Command Injection vulnerability has been discovered in the CGI component of Synology Router Manager (SRM) that allows remote attackers to execute arbitrary code via unspecified vectors. The affected versions are Synology Router Manager before 1.2.5-8227-6 and 1.3.1-9346-3.
CVE ID: CVE-2023-32956 (Critical)
Moxa has released security updates to resolve command injection and use of hard-coded credentials vulnerabilities in the Moxa MXsecurity Series. The affected versions are MXsecurity Series Software v1.0.
CVE ID: CVE-2023-33235 (High), CVE-2023-33236 (Critical)
It has been discovered that the Wacom Tablet Driver installer for macOS contains an improper link resolution before file access vulnerability. The affected versions are Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS).
CVE ID: CVE-2023-27529 (High)
WordPress has released a security update to resolve an authentication bypass vulnerability in the MStore API plugin. The affected versions are MStore API versions up to, and including, 3.9.2.
CVE ID: CVE-2023-2732 (Critical)
Dell has released security updates to address multiple vulnerabilities in PowerPath Windows that can be exploited to compromise the affected system. The affected versions are PowerPath Windows 7.0, 7.1 and 7.2.
CVE ID: CVE-2023-28079 (High), CVE-2023-28080 (Medium), CVE-2023-32448 (Medium)
WordPress has released a security update to resolve a Cross-Site Request Forgery (CSRF) vulnerability in the Easy Google Maps plugin. The affected versions are Easy Google Maps versions up to, and including, 1.11.7.
CVE ID: CVE-2023-2526 (Medium)
WordPress has released a security update to resolve a Cross-Site Request Forgery (CSRF) vulnerability in the Uncanny Automator plugin. The affected versions are Uncanny Automator versions up to, and including, 4.14.
Google has released Chrome 114 (114.0.5735.52/.53) for Android, Beta channel 114.0.5735.45 for Windows, Linux and Mac, Stable channel 114.0.5735.45 for Windows and Mac, Chrome Beta 114 (114.0.5735.53) for Android, and Chrome Beta 114 (114.0.5735.49) for iOS.
A SQL injection vulnerability has been discovered in Minova Technology eTrace. The affected versions are Minova Technology eTrace before 23.05.20.
CVE ID: CVE-2023-2064 (Critical)
A SQL injection vulnerability has been discovered in Ipekyolu Software's Auto Damage Tracking Software. The affected versions are Auto Damage Tracking Software before 4.
CVE ID: CVE-2023-2045 (Critical)
A SQL injection vulnerability has been discovered in Cityboss's E-municipality. The affected versions are E-municipality before 6.05.
CVE ID: CVE-2023-2750 (Critical)
A SQL Injection vulnerability has been discovered in Prestashop posstaticblocks. The affected versions are Prestashop posstaticblocks 1.0.0 and prior versions.
CVE ID: CVE-2023-30189 (Critical)
An arbitrary file write vulnerability has been discovered in the Jenkins Pipeline Utility Steps Plugin. The affected versions are Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier.
CVE ID: CVE-2023-32981 (Critical)
An XML deserialization vulnerability has been discovered in glazedlists that allows arbitrary code to be executed. The affected version is glazedlists v1.11.0.
CVE ID: CVE-2023-31890 (Critical)
A vulnerability has been discovered in SnapCenter that allows access to be gained as an admin user. The affected versions are SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1.
CVE ID: CVE-2023-1096 (Critical)
A command injection vulnerability has been discovered in an Edimax Wireless Router that allows arbitrary code to be executed. The affected version is Edimax Wireless Router N300 Firmware BR-6428NS_v4.
CVE ID: CVE-2023-31983 (Critical)
A SQL injection vulnerability has been discovered in Maximilian Vogt companymaps (cmaps) that allows arbitrary code to be executed.
CVE ID: CVE-2023-29809 (Critical)
An improper authentication vulnerability has been discovered in WPDeveloper's Essential Addons for Elementor plugin for WordPress that can cause privilege escalation. The affected products are Essential Addons for Elementor plugin from 5.4.0 through 5.7.1. Updates are available.
CVE ID: CVE-2023-32243 (Critical)
Dell has released security updates to address a Tianocore EDK2 vulnerability in Dell PowerEdge Server that can be exploited to compromise the affected system.
CVE ID: CVE-2021-38578 (Medium)
Dell has released security updates to address multiple OpenSSL vulnerabilities in Dell PowerEdge Server that can be exploited to compromise the affected system.
CVE ID: CVE-2023-0215 (Medium), CVE-2022-4450 (Medium), CVE-2023-0286 (High), CVE-2022-4304 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products.
The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 14.04
ESM, Ubuntu 23.04, Ubuntu 22.10, and Ubuntu 22.04 LTS.
VMware has released security updates to address a reflected Cross-Site Scripting (XSS)
vulnerability in NSX-T that allows an attacker to inject HTML or JavaScript and redirect users
to malicious pages.
CVE ID: CVE-2023-20868 (Medium)
Apple has released security updates to address elevation of privilege vulnerabilities in iTunes
12.12.9 for Windows 10 and later. An attacker can exploit some of these vulnerabilities to take
control of an affected device.
CVE ID: CVE-2023-32353, CVE-2023-32351
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
A SQL injection vulnerability has been discovered in Adam Retail Automation Systems Mobilmen
Terminal Software. The affected versions are Mobilmen Terminal Software before 3.
CVE ID: CVE-2023-1508 (Critical)
A vulnerability has been discovered in FLIR-DVTEL that allows execution of arbitrary code via a
crafted request to the management page of the device.
CVE ID: CVE-2023-29861 (Critical)
A SQL injection vulnerability has been discovered in the WP Visitor Statistics (Real Time
Traffic) WordPress plugin. The affected versions are WP Visitor Statistics (Real Time Traffic)
before 6.9.
CVE ID: CVE-2023-0600 (Critical)
A command injection vulnerability has been discovered in the Edimax Wireless Router N300 that
allows execution of arbitrary code. The affected version is firmware BR-6428NS_v4.
CVE ID: CVE-2023-31986 (Critical)
An authentication bypass vulnerability has been discovered in Optoma 1080PSTX C02 that allows
access to the administration console without valid credentials.
CVE ID: CVE-2023-27823 (Critical)
It has been discovered that SoftExpert (SE) Excellence Suite is vulnerable to Local File
Inclusion in the function. The affected versions are SoftExpert (SE) Excellence Suite 2.x
versions before 2.1.3.
CVE ID: CVE-2023-30330 (Critical)
Mitsubishi Electric has released a security update to address a buffer overflow vulnerability
in MELSEC Series CPU modules that can lead to Denial of Service (DoS) and malicious code
execution. The affected products are MELSEC iQ-F series version 1.220 and later.
CVE ID: CVE-2023-1424 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in the Tenda AC5 router. The
affected version is Tenda AC5 V15.03.06.28.
CVE ID: CVE-2023-31587 (Critical)
A SQL injection vulnerability has been discovered in Pharmacy Management System. The affected
version is Pharmacy Management System v1.0.
CVE ID: CVE-2023-31519 (Critical)
An authentication bypass vulnerability has been discovered in the RegistrationMagic plugin for
WordPress. The affected versions are RegistrationMagic up to, and including, 5.2.1.0.
CVE ID: CVE-2023-2499 (Critical)
It has been discovered that LavaLite CMS is vulnerable to web cache poisoning. The affected
version is LavaLite CMS v9.0.0.
CVE ID: CVE-2023-27238 (Critical)
A SQL injection vulnerability has been discovered in Prestashop. The affected version is
Prestashop possearchproducts 1.7.
CVE ID: CVE-2023-30192 (Critical)
Ubuntu has released security updates to address several vulnerabilities in the Linux kernel and
tar. The affected products are Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 22.10, Ubuntu 22.04
LTS, and Ubuntu 23.04.
An open redirect vulnerability has been discovered in Tornado that allows redirection to an
arbitrary website, which can be used for phishing. The affected versions are Tornado 6.3.1 and
earlier.
CVE ID: CVE-2023-28370 (Low)
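As an added illustration (not part of the original advisory and not Tornado's own code), the following Python validator shows the check a web application should apply to a user-supplied redirect target before emitting a Location header. Open redirects of this kind usually come from accepting a "next" parameter as-is; the scheme-relative form ("//evil.example") and its backslash and triple-slash variants are what most naive "starts with /" checks miss. The function names, the fallback path and the sample inputs are this example's own assumptions.

```python
from urllib.parse import urlsplit

FALLBACK = "/"  # assumption: where to send the user when the target is rejected


def is_local_redirect(target):
    """Accept only a path on the current origin.

    Rejects: absolute URLs (a scheme is present), scheme-relative URLs
    ("//host/..."), backslash variants ("/\\host", which browsers normalise to
    "//host"), three or more leading slashes (which browsers also resolve to a
    host), and control or whitespace characters that could alter parsing.
    """
    if not target or any(ord(ch) < 0x21 for ch in target):
        return False
    # Browsers treat "\" like "/" in URLs, so normalise before inspecting.
    candidate = target.replace("\\", "/")
    if candidate.startswith("//"):
        return False
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return False
    return candidate.startswith("/")


def safe_redirect_target(target, fallback=FALLBACK):
    """Return `target` if it is a same-origin path, otherwise the fallback."""
    return target if is_local_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed inputs: the first is legitimate, the rest are redirect tricks.
    for t in ("/account/settings", "//evil.example/phish", "/\\evil.example",
              "///evil.example", "https://evil.example", "javascript:alert(1)"):
        print(repr(t), "->", safe_redirect_target(t))
```

Use `safe_redirect_target()` wherever a handler builds a redirect from request data; when the application legitimately needs to redirect to other hosts, replace the fallback with an explicit allow-list of host names rather than loosening this check.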
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
An Unrestricted Upload of File with Dangerous Type vulnerability has been discovered in the
"Rental Module" of Ideasoft's e-commerce platform. This issue affects Rental Module before
23.05.15.
CVE ID: CVE-2023-2712 (Critical)
A SQL injection vulnerability has been discovered in Judging Management System that allows
execution of arbitrary code via the contestant_id parameter. The affected version is Judging
Management System v1.0.
CVE ID: CVE-2023-30246 (Critical)
A privilege escalation vulnerability has been discovered in PHP Gurukul Hospital Management
System that allows execution of arbitrary code and access to sensitive information via the
session token parameter. The affected version is PHP Gurukul Hospital Management System v4.0.
CVE ID: CVE-2023-31498 (Critical)
A vulnerability has been discovered in LuaTeX, TeX Live and MiKTeX that allows arbitrary
network requests. The affected versions are LuaTeX before 1.17.0, TeX Live before 2023 r66984
and MiKTeX before 23.5.
CVE ID: CVE-2023-32668 (Critical)
Multiple vulnerabilities have been discovered in Johnson Controls' OpenBlue Enterprise Manager
Data Collector firmware which can lead to exposure of sensitive information. All OpenBlue
Enterprise Manager Data Collector firmware versions prior to 3.2.5.75 are affected.
CVE ID: CVE-2023-2024, CVE-2023-2025
Microsoft has released Microsoft Edge Stable Channel (Version 113.0.1774.50) and Microsoft Edge
Extended Stable Channel (Version 112.0.1722.84) to resolve multiple vulnerabilities.
A path traversal vulnerability has been discovered in Carlo Gavazzi's Powersoft that allows an
attacker to access and retrieve any file from the server. The affected versions are Powersoft
2.1.1.1 and prior. Carlo Gavazzi will not issue a fix as this product is end-of-life.
CVE ID: CVE-2017-20184 (High)
An authentication bypass vulnerability has been discovered in Mitsubishi Electric's MELSEC WS
Ethernet Interface Module. All versions of MELSEC WS Series WS0-GETH00200 are affected.
CVE ID: CVE-2023-1618 (High)
Apple has released security updates to address multiple vulnerabilities in its various products.
An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-32402, CVE-2023-32423, CVE-2023-32409, CVE-2023-28204, CVE-2023-32373,
CVE-2023-32388, CVE-2023-32400, CVE-2023-32399, CVE-2023-28191, CVE-2023-32417, CVE-2023-32392,
CVE-2023-32372, CVE-2023-32384, CVE-2023-32354, CVE-2023-32420, CVE-2023-27930, CVE-2023-32398,
CVE-2023-32413, CVE-2023-32352, CVE-2023-32407, CVE-2023-32368, CVE-2023-32403, CVE-2023-32390,
CVE-2023-32357, CVE-2023-32391, CVE-2023-32404, CVE-2023-32394, CVE-2023-32376, CVE-2023-28202,
CVE-2023-32412, CVE-2023-32408, CVE-2023-32389
Microsoft has released Microsoft Edge Stable Channel (Version 113.0.1774.50) and Microsoft Edge
Extended Stable Channel (Version 112.0.1722.84) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2726, CVE-2023-2725, CVE-2023-2724, CVE-2023-2723, CVE-2023-2722, CVE-2023-2721
Ubuntu has released security updates to address several vulnerabilities in multiple products.
The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 16.04 ESM and Ubuntu 14.04 ESM.
Cisco has released security updates to address several vulnerabilities in Cisco Small Business
Series switches. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2023-20024 (High), CVE-2023-20156 (High), CVE-2023-20157 (High), CVE-2023-20158
(High), CVE-2023-20159 (Critical), CVE-2023-20160 (Critical), CVE-2023-20161 (Critical),
CVE-2023-20162 (High), CVE-2023-20189 (Critical)
Drupal has released a security update to address a Server-Side Request Forgery (SSRF)
vulnerability in the File Chooser Field module that leads to information disclosure when the
module is used to upload files via third-party services such as Google Drive and Dropbox.
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20864 (Medium), CVE-2023-20110 (Medium), CVE-2023-20173 (Medium),
CVE-2023-20174 (Medium), CVE-2023-20166 (Medium), CVE-2023-20167 (Medium), CVE-2023-20163
(Medium), CVE-2023-20164 (Medium), CVE-2023-20077 (Medium), CVE-2023-20087 (Medium),
CVE-2023-20106 (Medium), CVE-2023-20171 (Medium), CVE-2023-20172 (Medium), CVE-2023-20182
(Medium), CVE-2023-20183 (Medium), CVE-2023-20184 (Medium), CVE-2023-20003 (Medium)
Huawei has released a security update to address a traffic hijacking vulnerability in Huawei
routers. The affected version is B535-232a 2.0.0.1(H318SP5C983).
CVE ID: CVE-2022-48469 (High)
A vulnerability has been discovered in Weaver E-Office 9.5 in which manipulation of the Filedata
argument leads to unrestricted file upload. The attack can be initiated remotely.
CVE ID: CVE-2023-2648 (Critical)
A Remote Code Execution (RCE) vulnerability via an XML document has been discovered in the
Shenzhen Tenda Technology IP Camera CP3. The affected version is IP Camera CP3
V11.10.00.2211041355.
CVE ID: CVE-2023-30353 (Critical)
A hard-coded default password vulnerability has been discovered in the Shenzhen Tenda Technology
IP Camera CP3. The affected version is IP Camera CP3 V11.10.00.2211041355.
CVE ID: CVE-2023-30352 (Critical)
A vulnerability has been discovered in the 2FA implementation of the Rocket.Chat platform: other
active sessions are not invalidated when 2FA is activated. An attacker who already holds a
session on a compromised account can therefore keep that access even after the legitimate user
enables 2FA.
CVE ID: CVE-2023-28316 (Critical)
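The failure mode above is general: enabling a second factor changes what a valid session must have proven, so sessions created before the change must be re-validated or dropped. The following Python model, added here as an illustration and not taken from Rocket.Chat or the advisory, contrasts an enrollment routine that only flips the flag with one that revokes every other session of the account. The in-memory store, the account dictionary and the scenario are this example's assumptions standing in for a real server-side session backend.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    token: str
    user_id: str
    created_at: float
    mfa_verified: bool = False  # True once this session has passed a 2FA check


class SessionStore:
    """Minimal in-memory session store (hypothetical stand-in for a real backend)."""

    def __init__(self):
        self._sessions = {}

    def create(self, user_id, mfa_verified=False):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(token, user_id, time.time(), mfa_verified)
        return token

    def get(self, token):
        return self._sessions.get(token)

    def is_valid(self, token):
        return token in self._sessions

    def tokens_for(self, user_id):
        return [t for t, s in self._sessions.items() if s.user_id == user_id]

    def revoke(self, token):
        self._sessions.pop(token, None)


def enable_2fa_vulnerable(store, user_id, current_token, account):
    """The flaw described above: 2FA is switched on, but every session that
    existed before enrollment (including an attacker's) stays valid."""
    account["totp_enabled"] = True
    return account


def enable_2fa_hardened(store, user_id, current_token, account):
    """Enable 2FA and revoke every other session of the account. Only the
    enrolling session survives, and it is marked as having passed 2FA because
    a real enrollment flow requires a valid code before it completes."""
    current = store.get(current_token)
    if current is None or current.user_id != user_id:
        raise PermissionError("enrollment must come from a live session of this user")
    account["totp_enabled"] = True
    for token in store.tokens_for(user_id):
        if token != current_token:
            store.revoke(token)
    current.mfa_verified = True
    return account


def scenario(enable_2fa):
    """Constructed sequence: an attacker logs in first with stolen credentials,
    then the victim logs in and enables 2FA. Reports which sessions survived."""
    store = SessionStore()
    account = {"user_id": "alice", "totp_enabled": False}
    attacker_token = store.create("alice")  # login with the stolen password
    victim_token = store.create("alice")    # the legitimate user's login
    enable_2fa(store, "alice", victim_token, account)
    return {
        "totp_enabled": account["totp_enabled"],
        "attacker_session_valid": store.is_valid(attacker_token),
        "victim_session_valid": store.is_valid(victim_token),
        "victim_session_mfa_verified": bool(store.get(victim_token).mfa_verified),
    }


if __name__ == "__main__":
    print("vulnerable:", scenario(enable_2fa_vulnerable))
    print("hardened:  ", scenario(enable_2fa_hardened))
```

The same revocation belongs in every credential-strengthening event (password change, recovery-code regeneration, passkey enrollment), and incident responders checking a compromised account should verify that enabling 2FA actually ended the attacker's session rather than assuming it did.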
An OS command injection vulnerability has been discovered in the GitHub repository
appium/appium-desktop prior to v1.22.3-4.
CVE ID: CVE-2023-2479 (Critical)
Trend Micro has released updates to address an insecure DLL loading vulnerability in Trend Micro
Security. The affected products are Trend Micro Security 2022/2023 17.7.1476 and earlier, and
Trend Micro Security 2021 17.0.1412 and earlier.
CVE ID: CVE-2023-28929 (High)
It has been observed that the BianLian ransomware group gains access to victim systems through
valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line
scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer
Protocol (FTP) and Rclone.
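The chain described above (interactive RDP logon with valid credentials, command-line discovery, then Rclone or FTP for exfiltration) can be correlated from ordinary Windows telemetry. The following Python detector is an added example, not the advisory's or any vendor's code: it reads constructed JSON-lines events loosely modelled on Security log events 4624 (logon, type 10 = RemoteInteractive) and 4688 (process creation), and raises one alert per RDP logon that is followed on the same host, by the same user, within a window, by an exfiltration tool. The sample events, the tool lists, the private-network ranges and the four-hour window are this example's assumptions.

```python
import ipaddress
import json
from datetime import datetime, timedelta

# Constructed sample telemetry (JSON lines, not real logs). FS01 shows the chain;
# WS22 is a benign RDP session used as a control.
SAMPLE_EVENTS = r"""
{"ts": "2023-05-16T02:11:05", "host": "FS01", "event_id": 4624, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.45"}
{"ts": "2023-05-16T02:13:40", "host": "FS01", "event_id": 4688, "user": "svc_backup", "image": "C:\\Windows\\System32\\net.exe", "cmdline": "net group \"domain admins\" /domain"}
{"ts": "2023-05-16T02:20:12", "host": "FS01", "event_id": 4688, "user": "svc_backup", "image": "C:\\Temp\\rclone.exe", "cmdline": "rclone.exe copy D:\\Finance ftpdrop:/out --transfers 8"}
{"ts": "2023-05-16T09:02:00", "host": "WS22", "event_id": 4624, "logon_type": 10, "user": "jdoe", "src_ip": "10.0.4.17"}
{"ts": "2023-05-16T09:30:00", "host": "WS22", "event_id": 4688, "user": "jdoe", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "cmdline": "EXCEL.EXE"}
"""

# Assumptions: RFC 1918 ranges count as internal; tool names are the ones the
# advisory mentions (rclone, FTP) plus common built-in discovery binaries.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXFIL_TOOLS = {"rclone.exe", "ftp.exe"}
DISCOVERY_TOOLS = {"net.exe", "net1.exe", "nltest.exe", "whoami.exe", "quser.exe"}
WINDOW = timedelta(hours=4)


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def basename(image):
    """Lower-case file name from a Windows (or POSIX) image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in PRIVATE_NETS)


def detect(text):
    """Return one alert per RemoteInteractive logon followed by an exfil tool."""
    events = parse_events(text)
    alerts = []
    for logon in events:
        if logon["event_id"] != 4624 or logon.get("logon_type") != 10:
            continue
        discovery, exfil = [], []
        for ev in events:
            if ev["event_id"] != 4688 or ev["host"] != logon["host"] or ev["user"] != logon["user"]:
                continue
            if not (logon["ts"] <= ev["ts"] <= logon["ts"] + WINDOW):
                continue
            name = basename(ev["image"])
            if name in EXFIL_TOOLS:
                exfil.append(ev["cmdline"])
            elif name in DISCOVERY_TOOLS:
                discovery.append(ev["cmdline"])
        if not exfil:
            continue  # RDP plus discovery alone is too noisy to page on
        external = is_external(logon["src_ip"])
        alerts.append({
            "host": logon["host"],
            "user": logon["user"],
            "src_ip": logon["src_ip"],
            "logon_ts": logon["ts"].isoformat(),
            "external_source": external,
            "discovery": discovery,
            "exfil": exfil,
            "severity": "high" if external else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(json.dumps(alert, indent=2))
```

In production the same logic would run against a SIEM query rather than a string, and the exfil list should include whatever transfer tools the environment does not legitimately use; the key design point is that the alert is keyed on the logon, so the analyst gets the source IP of the RDP session together with the commands that followed it.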
Google has released Extended Stable channel 112.0.5615.204 for Windows and Mac, Chrome Stable
113 (113.0.5672.121) for iOS, Stable channel 113.0.5672.126 for Mac and Linux, and
113.0.5672.126/.127 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2721 (Critical), CVE-2023-2722 (High), CVE-2023-2723 (High), CVE-2023-2724
(High), CVE-2023-2725 (High), CVE-2023-2726 (Medium)
Snap One has released security updates to address multiple vulnerabilities in its OvrC Cloud and
OvrC Pro devices that can allow an attacker to impersonate and claim devices, execute arbitrary
code and disclose information about the affected device. The affected version is Snap One OvrC
Pro version 7.1.
CVE ID: CVE-2023-28649 (High), CVE-2023-28412 (Medium), CVE-2023-31241 (High), CVE-2023-31193
(High), CVE-2023-28386 (High), CVE-2023-31245 (High), CVE-2023-31240 (High), CVE-2023-25183
(High)
An improper input validation vulnerability has been discovered in Rockwell Automation's
ArmorStart that can allow a malicious user to view and modify sensitive data or make the web
page unavailable. The affected versions are ArmorStart ST281E version 2.004.06 and later,
ArmorStart ST284E all versions, and ArmorStart ST280E all versions.
CVE ID: CVE-2023-29031 (High), CVE-2023-29030 (High), CVE-2023-29023 (High), CVE-2023-29024
(Medium), CVE-2023-29025 (Medium), CVE-2023-29026 (Medium), CVE-2023-29027 (Medium),
CVE-2023-29028 (Medium), CVE-2023-29029 (Medium), CVE-2023-29022 (Medium)
Multiple vulnerabilities, including a sandbox escape and a flaw that allows untrusted code to
run with Node's built-in modules, have been discovered in the VM2 sandbox library. An attacker
can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-32314 (Critical), CVE-2023-32313 (Medium)
A critical vulnerability has been discovered in multiple WAGO products that allows an attacker
to create new users and change the device configuration, which can result in unintended
behaviour, Denial of Service (DoS) and full system compromise.
CVE ID: CVE-2023-1698
Palo Alto Networks has released security updates to address a file disclosure vulnerability in
PAN-OS software that enables an authenticated read-write administrator with access to the web
interface to export local files from the firewall through a race condition.
CVE ID: CVE-2023-0008 (Medium)
VMware has released security updates to address deserialization and privilege escalation
vulnerabilities in VMware Aria Operations. An attacker can exploit these vulnerabilities to take
control of an affected system.
CVE ID: CVE-2023-20877 (High), CVE-2023-20878 (Medium), CVE-2023-20879 (Medium),
CVE-2023-20880 (Medium)
Palo Alto Networks has released security updates to address a Cross-Site Scripting (XSS)
vulnerability in PAN-OS software on Panorama appliances that enables an authenticated
read-write administrator to store a JavaScript payload in the web interface that will execute
in the context of another administrator's browser when viewed.
CVE ID: CVE-2023-0007 (Medium)
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird
102.11. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-32205 (High), CVE-2023-32206 (High), CVE-2023-32207 (High), CVE-2023-32211
(Medium), CVE-2023-32212 (Medium), CVE-2023-32213 (Medium), CVE-2023-32214 (Low),
CVE-2023-32215 (High)
Microsoft has released updates to address multiple vulnerabilities in its software. An attacker
can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-24941 (Critical), CVE-2023-24943 (Critical)
SAP has released security notes to address several critical vulnerabilities affecting multiple
products. An attacker can exploit these vulnerabilities to take control of an affected system.
Adobe has released security updates to address multiple vulnerabilities in Adobe Substance 3D
Painter. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29273 (High), CVE-2023-29274 (High), CVE-2023-29275 (High), CVE-2023-29276
(High), CVE-2023-29277 (Medium), CVE-2023-29278 (High), CVE-2023-29279 (Medium), CVE-2023-29280
(High), CVE-2023-29281 (High), CVE-2023-29282 (High), CVE-2023-29283 (High), CVE-2023-29284
(High), CVE-2023-29285 (High), CVE-2023-29286 (Medium)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released
security updates, workarounds and mitigations to resolve these vulnerabilities.
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability
in Windows Network File System.
CVE ID: CVE-2023-24941 (Critical)
Siemens has released security updates to resolve a code execution vulnerability in Siveillance
Video Event and Management Servers.
CVE ID: CVE-2023-30899 (Critical), CVE-2023-30898 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability
in Windows Pragmatic General Multicast (PGM).
CVE ID: CVE-2023-24943 (Critical)
Siemens has released security updates to resolve multiple vulnerabilities in SCALANCE LPE9403,
all versions before V2.1.
CVE ID: CVE-2023-27407 (Critical), CVE-2023-27408 (Low), CVE-2023-27409 (Low), CVE-2023-27410
(Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
Ubuntu has released security updates to address a vulnerability in Django that can allow an
attacker to bypass certain validations. The affected products are Ubuntu 23.04, Ubuntu 22.10,
Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 ESM.
CVE ID: CVE-2023-31047 (Medium)
A Remote Command Execution vulnerability has been discovered in Cisco SPA112 2-Port Phone
Adapters that can allow an unauthenticated, remote attacker to execute arbitrary code on an
affected device. Cisco SPA112 2-Port Phone Adapters have entered the end-of-life process.
CVE ID: CVE-2023-20126 (Critical)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins
are the Spiffy Calendar plugin, the Participants Database plugin, and the Contact Form 7
extension for Google Map fields plugin. Security updates and patches are available.
Google has released Chrome Beta 114 (114.0.5735.14) for Android, Beta channel OS version
15393.44.0 (Browser version 113.0.5672.85) for most ChromeOS devices, and Chrome 114.0.5735.16
for Windows, Mac and Linux.
Apple has released Beats Firmware Update 5B66 to address an authentication vulnerability in
Powerbeats Pro and Beats Fit Pro. An attacker can exploit this vulnerability to take control of
an affected device.
CVE ID: CVE-2023-27964
Ubuntu has released security updates to address an invalid Blowfish password hash vulnerability
in PHP that can cause applications to accept any password as valid, contrary to expectations.
The affected product is Ubuntu 16.04 ESM.
CVE ID: CVE-2023-0567 (Medium)
Google has released Chrome 113 (113.0.5672.76/.77) for Android, Extended Stable channel
112.0.5615.179 for Windows and Mac, Chrome 113.0.5672.63 for Linux and Mac, Chrome
113.0.5672.63/.64 for Windows, Chrome Beta 113 (113.0.5672.77) for Android, and Chrome Stable
113 (113.0.5672.69) for iOS.
CVE ID: CVE-2023-2459 (Medium), CVE-2023-2460 (Medium), CVE-2023-2461 (Medium), CVE-2023-2462
(Medium), CVE-2023-2463 (Medium), CVE-2023-2464 (Medium), CVE-2023-2465 (Medium),
CVE-2023-2466 (Low), CVE-2023-2467 (Low), CVE-2023-2468 (Low)
Zyxel has released security updates to address multiple vulnerabilities in the NBG6604 home
router and the NBG-418N v2 home router.
CVE ID: CVE-2023-22919 (High), CVE-2023-22921 (High), CVE-2023-22922 (High), CVE-2023-22923
(Medium), CVE-2023-22924
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
A SQL injection vulnerability has been discovered in the Steveas WP Live Chat Shoutbox WordPress
plugin. The affected versions are WP Live Chat Shoutbox through 1.4.2.
CVE ID: CVE-2023-1020 (Critical)
A session validation vulnerability has been discovered in Apache Superset. The affected versions
are Apache Superset up to and including 2.0.1.
CVE ID: CVE-2023-27524 (Critical)
A vulnerability has been discovered in White Rabbit Switch that makes it possible for an
attacker to execute system commands in the context of the web application.
CVE ID: CVE-2023-22581 (Critical)
A Cross-site Scripting (XSS) vulnerability has been discovered in the GitHub repository
sidekiq/sidekiq prior to 7.0.8.
CVE ID: CVE-2023-1892 (Critical)
A security bypass vulnerability has been discovered in Spring Boot on Cloud Foundry. The
affected versions are Spring Boot 3.0.0 to 3.0.5, 2.7.0 to 2.7.10, and older unsupported
versions.
CVE ID: CVE-2023-20873 (Critical)
A security update has been released to resolve a Stored Cross-Site Scripting vulnerability in
the Advanced Woo Search WordPress plugin. The affected versions are Advanced Woo Search up to,
and including, 2.77.
CVE ID: CVE-2023-2452 (Medium)
A security update has been released to resolve a Reflected Cross-Site Scripting vulnerability in
the WP EasyPay WordPress plugin. The affected versions are WP EasyPay up to, and including,
4.0.4.
CVE ID: CVE-2023-1465 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several
Android devices. Security patch levels of 2023-05-05 or later address all of these issues.
An insufficient access control vulnerability has been discovered in Moxa MiiNePort E1. An
unauthenticated remote user can exploit this vulnerability to perform arbitrary system
operations or disrupt service.
CVE ID: CVE-2023-28697 (Critical)
A Deserialization of Untrusted Data vulnerability has been discovered in aEnrich Technology
a+HRD. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary
system commands, perform arbitrary system operations or disrupt service.
CVE ID: CVE-2023-20853 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Tenda AC15. The affected
version is Tenda AC15 V15.03.05.19.
CVE ID: CVE-2023-30378 (Critical)
An incorrect access control vulnerability has been discovered in PowerJob that allows remote
code execution. The affected version is PowerJob V4.3.1.
CVE ID: CVE-2023-29924 (Critical)
A Weak Password Requirements vulnerability has been discovered in the GitHub repository
modoboa/modoboa prior to 2.1.0.
CVE ID: CVE-2023-2160 (Critical)
An Insufficient Verification of Data Authenticity vulnerability has been discovered in AMI
MegaRAC. The affected versions are AMI MegaRAC SPx12 and SPx13.
CVE ID: CVE-2023-28863 (Critical)
Multiple vulnerabilities, such as Binding to an Unrestricted IP Address and Execution with
Unnecessary Privileges, have been discovered in Illumina's Universal Copy Service (UCS).
Successful exploitation of these vulnerabilities can allow an attacker to take any action at
the operating system level.
CVE ID: CVE-2023-1968 (Critical), CVE-2023-1966 (High)
Ubuntu has released security updates to address several vulnerabilities in the Linux kernel and
OpenSSL-ibmca. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2023-1829 (High)
Multiple vulnerabilities have been discovered in Intel products that affect multiple Mitsubishi
Electric FA products. These vulnerabilities allow an attacker to escalate privileges, disclose
parameter information in the affected products, and cause a Denial-of-Service (DoS) condition.
CVE ID: CVE-2020-24512 (Low), CVE-2022-0002 (Medium), CVE-2021-0086 (Medium), CVE-2021-0089
(Medium), CVE-2021-0127 (Medium), CVE-2021-33150 (Medium), CVE-2021-0146 (High), CVE-2020-8670
(High), CVE-2020-24489 (High)
Google has released Dev channel 114.0.5735.6 for Windows, Mac and Linux, Beta channel OS version
15393.38.0 (Browser version 113.0.5672.67) for most ChromeOS devices, Chrome Dev 114
(114.0.5735.7) for Android, LTS channel 108.0.5359.230 (Platform Version 15183.93.0) for most
ChromeOS devices, and Chrome Beta 113 (113.0.5672.67) for iOS.
CVE ID: CVE-2023-1532 (High), CVE-2023-1811 (High), CVE-2023-2136 (High), CVE-2023-2033 (High),
CVE-2023-0266 (High), CVE-2022-2196 (High), CVE-2023-26083 (High), CVE-2023-1281 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available for some products.
A Cross-Site Scripting vulnerability has been discovered in the web-based management interface
of Cisco Prime Collaboration Deployment that can allow an unauthenticated, remote attacker to
conduct a cross-site scripting attack against a user of the interface. The affected versions
are Cisco Prime Collaboration Deployment 14 and earlier.
CVE ID: CVE-2023-20060 (Medium)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins
are the WP BrowserUpdate plugin, Logo Scheduler plugin, Simple Giveaways plugin, Integration for
Contact Form 7 HubSpot plugin, Easy Bet plugin, and WooCommerce Multivendor Marketplace REST API
plugin. Security updates and patches are available for some plugins.
CVE ID: CVE-2023-31078 (Medium), CVE-2023-28690 (Medium), CVE-2023-30875 (Medium),
CVE-2023-31086 (Medium), CVE-2023-31095 (Medium), CVE-2023-31092 (High), CVE-2023-2275 (Medium)
Google has released Chrome 113 (113.0.5672.61/62) for Android, Chrome Beta 113 (113.0.5672.62)
for Android, Stable channel 113.0.5672.63 for Windows and Mac, and Beta channel 113.0.5672.63
for Windows, Linux and Mac.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
Schneider Electric is aware of a publicly available exploit affecting KNX home and building
automation systems. The products used in these systems may come from a variety of different
vendors, including Schneider Electric spaceLYnk, Wiser for KNX, and FellerLYnk products. The
exploit consists of direct access to product functions and brute force attacks on the panel,
which can lead to unauthorized access to product features.
CVE ID: CVE-2020-7525 (High), CVE-2022-22809 (Medium)
A Deserialization of Untrusted Data vulnerability has been discovered in Keysight's N8844A Data
Analytics Web Service that can lead to remote code execution. The affected versions are N8844A
Data Analytics Web Service 2.1.7351 and prior.
CVE ID: CVE-2023-1967 (Critical)
VMware has released security updates to address multiple vulnerabilities in VMware Workstation
and Fusion. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20869 (Critical), CVE-2023-20870 (Medium), CVE-2023-20871 (High),
CVE-2023-20872 (High)
Multiple vulnerabilities have been discovered in several Hitachi Energy products. An attacker
can exploit these vulnerabilities to take control of an affected system. Workarounds and
mitigations are available.
CVE ID: CVE-2022-40674 (Critical), CVE-2022-43680 (High), CVE-2023-0286 (High), CVE-2022-4304
(Medium), CVE-2022-23937 (High), CVE-2022-0778 (High), CVE-2021-3711 (Critical), CVE-2021-3712
(High), CVE-2021-43298 (Critical), CVE-2020-15688 (High), CVE-2019-16645 (High), CVE-2019-12822
(High), CVE-2018-15504 (High), CVE-2018-15505 (High), CVE-2021-41615 (Critical), CVE-2023-23916
(High)
A vulnerability has been discovered in the Service Location Protocol (SLP) that allows an
unauthenticated remote attacker to register arbitrary services. This can allow an attacker to
use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant
amplification factor.
CVE ID: CVE-2023-29552
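The amplification comes from the asymmetry the advisory describes: after an attacker has registered services, a small spoofed SrvRqst makes the server send a large SrvRply to whatever source address the request carried. From the server side that shows up in flow data as UDP/427 reply volume far exceeding the request volume for a peer. The following Python analyser is an added example (not the advisory's or any vendor's tooling): it reads constructed unidirectional flow records, computes the bytes-out-per-byte-in factor per SLP server and per peer, and flags servers that are being used as reflectors. The CSV layout, the sample addresses and the factor threshold of 10 are this example's assumptions.

```python
import csv
import io
from collections import defaultdict

SLP_PORT = "427"

# Constructed flow records (not real telemetry): one line per unidirectional UDP
# flow as a collector beside the servers would see them. 203.0.113.9 appears as
# the "source" of the requests but is in fact the spoofed reflection victim.
SAMPLE_FLOWS = """\
ts,src_ip,src_port,dst_ip,dst_port,proto,bytes,packets
2023-04-25T10:00:01,10.0.0.5,51000,192.0.2.10,427,udp,60,1
2023-04-25T10:00:01,192.0.2.10,427,10.0.0.5,51000,udp,120,1
2023-04-25T10:05:00,203.0.113.9,80,192.0.2.10,427,udp,600,20
2023-04-25T10:05:00,192.0.2.10,427,203.0.113.9,80,udp,65000,50
2023-04-25T10:05:01,203.0.113.9,443,192.0.2.11,427,udp,600,20
2023-04-25T10:05:01,192.0.2.11,427,203.0.113.9,443,udp,1200,2
2023-04-25T10:06:00,10.0.0.8,52000,192.0.2.11,427,udp,60,1
2023-04-25T10:06:00,192.0.2.11,427,10.0.0.8,52000,udp,130,1
"""


def amplification_factor(request_bytes, reply_bytes):
    """Bytes the server sent per byte it received; inf if it replied unprompted."""
    if request_bytes == 0:
        return float("inf")
    return reply_bytes / request_bytes


def analyse(flow_text, min_factor=10.0):
    """Return one finding per SLP server whose reply volume, overall or towards
    any single peer, is at least min_factor times the bytes it received."""
    req = defaultdict(int)  # (server, peer) -> bytes from peer to server:427
    rep = defaultdict(int)  # (server, peer) -> bytes from server:427 to peer
    for row in csv.DictReader(io.StringIO(flow_text)):
        if row["proto"] != "udp":
            continue
        size = int(row["bytes"])
        if row["dst_port"] == SLP_PORT:
            req[(row["dst_ip"], row["src_ip"])] += size
        elif row["src_port"] == SLP_PORT:
            rep[(row["src_ip"], row["dst_ip"])] += size

    servers = defaultdict(lambda: {"req": 0, "rep": 0, "suspect_peers": []})
    for (server, peer), reply_bytes in rep.items():
        request_bytes = req.get((server, peer), 0)
        s = servers[server]
        s["req"] += request_bytes
        s["rep"] += reply_bytes
        # A per-peer factor this high means the server is being pointed at a
        # victim: genuine SLP clients get answers a few times their request size.
        if amplification_factor(request_bytes, reply_bytes) >= min_factor:
            s["suspect_peers"].append(peer)

    findings = []
    for server, s in sorted(servers.items()):
        factor = amplification_factor(s["req"], s["rep"])
        if factor >= min_factor or s["suspect_peers"]:
            findings.append({
                "server": server,
                "request_bytes": s["req"],
                "reply_bytes": s["rep"],
                "factor": round(factor, 1),
                "suspect_peers": sorted(s["suspect_peers"]),
            })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_FLOWS):
        print(finding)
```

A finding names both the reflector to clean up (disable SLP or block UDP/427 at the network edge, since the protocol has no business being reachable from the internet) and the peer addresses to notify, because those peers are the ones actually being flooded. Note that the "request" bytes attributed to a spoofed peer are the attacker's traffic, so the factor also approximates how much bandwidth the attacker gains per byte sent.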
Scada-LTS has released a security update to address a Cross-site Scripting vulnerability in
Scada-LTS that can allow loss of sensitive information and execution of arbitrary code. The
affected versions are Scada-LTS 2.7.4 and prior.
CVE ID: CVE-2015-1179 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
Microsoft has released Microsoft Edge Stable Channel (Version 109.0.1518.100) to resolve
multiple vulnerabilities.
CVE ID: CVE-2023-2033, CVE-2023-2136
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit
these vulnerabilities to take control of an affected system. Updates are available.
A heap-based buffer overflow vulnerability has been discovered in OMRON CX-Drive. The affected
versions are CX-Drive V3.01 and earlier.
CVE ID: CVE-2023-27385 (High)
A cross-site scripting vulnerability has been discovered in the 'Appointment and Event Booking
Calendar for WordPress - Amelia' WordPress plugin. The affected versions are Amelia prior to
1.0.76.
CVE ID: CVE-2023-27918 (Medium)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins
are the Formilla Live Chat plugin, Formilla Edge plugin, Modal Dialog plugin and Formilla Chat
and Marketing Automation plugin. Security updates and patches are available.
A command injection vulnerability has been discovered in TOTOLINK X18 routers. The affected
version is TOTOLINK X18 V9.1.0cu.2024_B20220329.
CVE ID: CVE-2023-29801 (Critical)
An Authentication Bypass by Primary Weakness vulnerability has been discovered in DTS
Electronics Redline Router firmware. The affected versions are Redline Router before 7.17.
CVE ID: CVE-2023-1833 (Critical)
An Authentication Bypass by Alternate Name vulnerability has been discovered in DTS Electronics
Redline Router firmware. The affected versions are Redline Router before 7.17.
CVE ID: CVE-2023-1803 (Critical)
A directory traversal vulnerability has been discovered in T-ME Studios Change Color of Keypad
that allows a remote attacker to execute arbitrary code via a dex file in the internal storage.
The affected version is T-ME Studios Change Color of Keypad v1.275.1.277.
CVE ID: CVE-2023-27648 (Critical)
It has been discovered that Diasoft File Replication Pro allows attackers to escalate privileges
by replacing a legitimate file with a Trojan horse that is executed as LocalSystem. The affected
version is Diasoft File Replication Pro 7.5.0.
CVE ID: CVE-2023-26918 (Critical)
Debian has released security updates to resolve multiple vulnerabilities in curl, redis, and
connman.
CVE ID: CVE-2023-27533 (High), CVE-2023-27535 (High), CVE-2023-27536 (Critical), CVE-2023-27538
(Medium), CVE-2023-28488 (Medium), CVE-2023-28856 (Medium)
A code injection vulnerability has been discovered in DedeCMS that affects the function
GetSystemFile of the file module_main.php. The affected versions are DedeCMS up to 5.7.87.
CVE ID: CVE-2023-2056 (Critical)
A SQL injection vulnerability has been discovered in Eskom Computer Water Metering Software
that
allows command line execution. The affected versions are Water Metering Software: before
23.04.06.
CVE ID: CVE-2023-1863 (Critical)
A Denial of Service (DoS) vulnerability has been discovered in DUALSPACE Super Security. The
affected version is DUALSPACE Super Security v.2.3.7.
CVE ID: CVE-2023-27192 (Critical)
Google has released Stable channel 109.0.5414.141 for Windows Server 2012 and Windows Server
2012 R2, Dev channel 114.0.5720.4 for Windows, Mac and Linux, and Chrome Dev 114
(114.0.5720.3)
for Android.
A buffer overflow vulnerability has been discovered in SNIProxy that can lead to arbitrary
code
execution. The affected versions are SNIProxy 0.6.0-2 and the master branch.
CVE ID: CVE-2023-25076 (Critical)
An OS command injection vulnerability has been discovered in INEA's Equipment- ME RTU that
can
allow Remote Code Execution (RCE). The affected versions are ME RTU prior to 3.36.
CVE ID: CVE-2023-2131 (Critical)
VMware has released security updates to address deserialization and command injection
vulnerabilities in VMware Aria Operations for Logs. An attacker can exploit these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20864 (Critical), CVE-2023-20865 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit
these vulnerabilities to take control of an affected system. The updates are available.
A Cross Site Request Forgery (CSRF) vulnerability has been discovered in LIQUID SPEECH
BALLOON
WordPress plugin. The affected versions are LIQUID SPEECH BALLOON versions prior to 1.2.
CVE ID: CVE-2023-27889 (Medium)
Cisco has released security updates to address command injection and file permissions
vulnerabilities in Cisco Industrial Network Director (IND). An attacker can exploit these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20036 (Critical), CVE-2023-20039 (Medium)
An authentication bypass vulnerability has been discovered in Cisco Modeling Labs that can
allow an unauthenticated, remote attacker to access the web interface with administrative
privileges. The mitigation and workaround are available.
CVE ID: CVE-2023-20154 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20046 (High), CVE-2023-20125 (High), CVE-2023-20051 (Medium), CVE-2023-20098 (Medium), CVE-2023-20004 (Medium), CVE-2023-20090 (Medium), CVE-2023-20091 (Medium), CVE-2023-20092 (Medium), CVE-2023-20093 (Medium), CVE-2023-20094 (Medium)
Google has released Stable channel 112.0.5615.134 (Platform version: 15359.58.0) for most
ChromeOS devices, Beta channel 113.0.5672.53 for Windows, Mac and Linux, Chrome Beta 113
(113.0.5672.54) for iOS, Chrome Beta 113 (113.0.5672.51) for Android and Chrome Stable 112
(112.0.5615.70) for iOS.
NVIDIA has released a security update for NVIDIA DGX-1 firmware to address arbitrary code
execution, Denial of Service (DoS), escalation of privileges, information disclosure, data
tampering, and SecureBoot bypass vulnerabilities. The affected products & versions are
DGX-1, all BMC versions prior to 3.39.3 and DGX-1, all SBIOS prior to S2W_3A13.
CVE ID: CVE-2023-0209 (High), CVE-2023-25505 (High), CVE-2023-25506 (High),
CVE-2023-25507 (High), CVE-2023-25508 (Medium), CVE-2023-25509 (Medium)
Foxit has released updated Foxit PDF Reader 12.1.2 and Foxit PDF Editor 12.1.2 to resolve multiple vulnerabilities in Foxit PDF Reader 12.1.1.15289 & earlier, Foxit PDF Editor 12.1.1.15289 & all previous 12.x versions, 11.2.5.53785 & all previous 11.x versions and 10.1.11.37866 and earlier.
GitLab has released Community Edition and Enterprise Edition version 15.8.6 to resolve a number of regressions and bugs in the 15.8 release and prior versions.
Google has released Chrome 112 (112.0.5615.135/.136) for Android, Beta channel OS version: 15393.27.0, Browser version: 113.0.5672.46 for most ChromeOS devices, Chrome Stable 112 (112.0.5615.69) for iOS, Stable and extended stable channel 112.0.5615.137/138 for Windows, 112.0.5615.137 for Mac and 112.0.5615.165 for Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2133 (High), CVE-2023-2134 (High), CVE-2023-2135 (High), CVE-2023-2136 (High), CVE-2023-2137 (Medium)
NVIDIA has released security updates to resolve multiple vulnerabilities in NVIDIA ConnectX firmware that lead to Denial of Service (DoS). The affected versions are NVIDIA ConnectX Firmware prior to 35.1012.
CVE ID: CVE-2023-0204 (Medium), CVE-2023-0203 (Medium), CVE-2023-0205 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM and Ubuntu 14.04 ESM.
A missing authentication for critical function vulnerability has been discovered in Omron's SYSMAC CS/CJ Series equipment that allows access to sensitive information in the file system and memory.
CVE ID: CVE-2022-45794 (High)
Oracle has released its critical patch update for April 2023 to address 433 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Stored Cross-Site Scripting (XSS) and Cross Site Request Forgery (CSRF) vulnerabilities have
been discovered in SEIKO EPSON printers/network interface Web Config.
CVE ID: CVE-2023-23572 (Medium), CVE-2023-27520 (Medium)
Multiple vulnerabilities in Factory Interface Network Service (FINS) are affecting Omron Programmable Logic Controllers (PLCs) used in Factory Automation (FA) networks built with Omron products. The affected products are all versions of SYSMAC CS-series CPU Units, SYSMAC CJ-series CPU Units, SYSMAC CP-series CPU Units, SYSMAC NJ-series CPU Units, SYSMAC NX1P-series CPU Units & SYSMAC NX102-series CPU Units and version 1.16 or later of SYSMAC NX7 Database Connection CPU Units.
CVE ID: CVE-2023-23572 (Medium), CVE-2023-27520 (Medium)
WordPress has released security updates to resolve the Reflected Cross-Site Scripting (XSS)
vulnerability in the LearnPress - Export/Import Courses plugin. The affected versions are
LearnPress - Export/Import Courses plugin versions up to, and including, 4.0.2.
CVE ID: CVE-2023-30487 (Medium)
WordPress has released security updates to resolve a Stored Cross-Site Scripting (XSS) vulnerability via the plugin's shortcode(s) in the Locatoraid Store Locator plugin. The affected versions are Locatoraid Store Locator plugin versions up to, and including, 3.9.14.
CVE ID: CVE-2023-2031 (Medium)
WordPress has released security updates to resolve a Reflected Cross-Site Scripting (XSS) vulnerability via the search_term parameter in the Responsive Filterable Portfolio plugin. The affected versions are Responsive Filterable Portfolio plugin versions up to, and including, 1.0.19.
CVE ID: CVE-2023-2119 (Medium)
WordPress has released security updates to resolve a Reflected Cross-Site Scripting (XSS) vulnerability via the search_term parameter in the Thumbnail carousel slider plugin. The affected versions are Thumbnail carousel slider plugin versions up to, and including, 1.1.9.
CVE ID: CVE-2023-2120 (Medium)
Google has released LTS channel 108.0.5359.228 (Platform Version: 15183.90.0) for most ChromeOS devices, and Dev channel 114.0.5714.0 for Windows, Mac and Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2023-1529 (High), CVE-2023-1528 (High), CVE-2023-1533 (High), CVE-2023-1534 (High), CVE-2023-1530 (High)
Netgear has released security updates to address the post-authentication buffer overflow
vulnerability in RAX30. The affected versions are RAX30 firmware prior to version 1.0.9.92.
A vulnerability in the exception sanitization of vm2 has been discovered that allows the sandbox protection to be bypassed to gain remote code execution rights on the host running the sandbox. The affected versions are vm2 3.9.16 and below.
CVE ID: CVE-2023-30547 (Critical)
A vulnerability has been discovered in the source code transformer of vm2 that allows it to be bypassed and unsanitized host exceptions to be leaked. The affected versions are vm2 3.9.16 and below.
CVE ID: CVE-2023-29199 (Critical)
An authentication bypass vulnerability has been discovered in the ZM Ajax Login & Register plugin for WordPress. The affected versions are ZM Ajax Login & Register plugin before 2.0.2.
CVE ID: CVE-2023-2027 (Critical)
Multiple Cross-Site Scripting (XSS) vulnerabilities have been discovered in the Contact Form to DB plugin and the Vimeotheque plugin for WordPress. Security updates & patches are available.
Google has released Chrome 112 (112.0.5615.100/.101) for Android, and Stable & extended stable channel 112.0.5615.121 for Windows, Mac & Linux to resolve a vulnerability.
CVE ID: CVE-2023-2033 (High)
Cyber security agencies have jointly released guidance for technology manufacturers to ensure the security of their products, named "Shifting the Balance of Cybersecurity Risk: Security-by-Design and Default". This guide represents an international effort to reduce exploitable vulnerabilities in technology used by government and private sector organisations.
Multiple vulnerabilities have been discovered in Datakit's CrossCAD/Ware_x64 library that can allow disclosure of sensitive information or arbitrary code execution. All versions of the CrossCAD/Ware_x64 library prior to 2023.1 are affected.
CVE ID: CVE-2023-22295 (Low), CVE-2023-22321 (Low), CVE-2023-22354 (Low), CVE-2023-22846 (Low), CVE-2023-23579 (High)
Palo Alto Networks has released security updates to resolve exposure of sensitive information and local file deletion vulnerabilities in its products.
CVE ID: CVE-2023-0004 (Medium), CVE-2023-0006 (Medium), CVE-2023-0005 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-30513 (Medium), CVE-2023-30514 (Medium), CVE-2023-30515 (Medium), CVE-2023-30516 (Medium), CVE-2023-30517 (Medium), CVE-2023-30518 (Medium), CVE-2023-30519 (Medium), CVE-2023-30520 (High), CVE-2023-30521 (Medium), CVE-2023-30522 (Medium), CVE-2023-30523 (Medium), CVE-2023-30524 (Medium), CVE-2023-30525 (Medium), CVE-2023-30526 (Medium), CVE-2023-30527 (Low), CVE-2023-30528 (Low), CVE-2023-30529 (Medium), CVE-2023-30530 (Medium), CVE-2023-30531 (Medium), CVE-2023-30532 (Medium)
Juniper has released security updates to address multiple vulnerabilities in its products and third-party components. An attacker can exploit these vulnerabilities to take control of an affected system.
Juniper has released security updates to address a vulnerability in Apache Commons Text, a third-party software component, that affects Juniper Secure Analytics (JSA). The affected versions are Juniper Networks Security Threat Response Manager (STRM) versions prior to 7.5.0UP4 on JSA Series.
CVE ID: CVE-2022-42889 (Critical)
Multiple vulnerabilities have been discovered in the Forminator plugin and the AI ChatBot plugin for WordPress. Security updates & patches are available.
Microsoft has released updates to address multiple vulnerabilities in its software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-28250 (Critical), CVE-2023-21554 (Critical)
Microsoft has released security updates to address the Remote Code Execution (RCE) vulnerability in Microsoft Message Queuing.
CVE ID: CVE-2023-21554 (Critical)
Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that addresses Bad Alloc vulnerabilities in the Operating System (OS) and recommends updating to the latest versions.
CVE ID: CVE-2020-28895 (High), CVE-2020-35198 (Critical)
Siemens has released security updates to resolve a command injection vulnerability in the CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 that can allow Remote Code Execution (RCE).
CVE ID: CVE-2023-28489 (Critical)
Siemens has released a security update to resolve multiple vulnerabilities in the third-party components cURL, BusyBox, libtirpc, Expat & Linux Kernel used in SCALANCE XCM332 devices. Successful exploitation of these vulnerabilities can impact the confidentiality, integrity and availability of the devices.
CVE ID: CVE-2021-46828 (High), CVE-2022-1652 (High), CVE-2022-1729 (High), CVE-2022-30065 (High), CVE-2022-32205 (Medium), CVE-2022-32206 (Medium), CVE-2022-32207 (Critical), CVE-2022-32208 (Medium), CVE-2022-35252 (High), CVE-2022-40674 (Critical)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2021-40359 (Critical), CVE-2020-28895 (High), CVE-2020-35198 (Critical), CVE-2022-32207 (Critical), CVE-2022-32208 (Medium), CVE-2022-35252 (High), CVE-2022-40674 (Critical), CVE-2023-28489 (Critical), CVE-2022-26649 (Critical), CVE-2021-37208 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
Microsoft has released security updates to address the Remote Code Execution (RCE) vulnerability in Windows Point-to-Point Tunneling Protocol.
CVE ID: CVE-2023-28232 (High)
Microsoft has released security updates to address an elevation of privilege vulnerability in Windows Common Log File System Driver.
CVE ID: CVE-2023-28252 (High)
Trellix has released a security update to address an improper privilege management vulnerability in Trellix Threat Intelligence Exchange (TIE). The affected versions are Trellix Threat Intelligence Exchange 4.0.0 and earlier.
CVE ID: CVE-2023-22809 (High)
A missing authentication for critical function vulnerability has been discovered in the FortiPresence infrastructure server that may allow access to the Redis and MongoDB instances via crafted authentication requests. The affected products are FortiPresence 1.2 all versions, FortiPresence 1.1 all versions and FortiPresence 1.0 all versions. Security updates are available.
CVE ID: CVE-2022-41331 (Critical)
A path traversal vulnerability has been discovered in FANUC's ROBOGUIDE-HandlingPRO software that allows files on the system running the affected software to be read and/or overwritten. The affected versions are ROBOGUIDE-HandlingPRO: Versions 9 Rev.ZD and prior. Security updates are available.
CVE ID: CVE-2023-1864 (Medium)
Microsoft has released guidance on the BlackLotus campaign, in which a threat actor is exploiting a Secure Boot security feature bypass vulnerability (CVE-2022-21894) via a Unified Extensible Firmware Interface (UEFI) bootkit. The adversary uses CVE-2022-21894, also known as Baton Drop, to bypass Windows Secure Boot and subsequently deploy malicious files to the EFI System Partition (ESP) that are launched by the UEFI firmware. Microsoft's guidance covers techniques to determine if devices in an organisation are infected, and recovery & prevention strategies to protect the environment.
WordPress has released security updates to resolve the sandbox bypass vulnerability in the JS webpack package. The affected versions are webpack package versions up to, and including, 5.75.0.
CVE ID: CVE-2023-28154 (High)
WordPress has released security updates to resolve a stored Cross-Site Scripting (XSS) vulnerability in the PowerPress plugin. The affected versions are PowerPress plugin versions up to, and including, 10.0.
CVE ID: CVE-2023-1917 (Medium)
Schneider Electric has released security updates to resolve multiple vulnerabilities in APC and Schneider Electric-branded Easy UPS Online Monitoring Software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29410 (High), CVE-2022-4224 (High), CVE-2023-28355 (High), CVE-2022-4046 (High), CVE-2023-27976 (High), CVE-2023-1548 (Medium), CVE-2023-29411 (Critical), CVE-2023-29412 (Critical), CVE-2023-29413 (High), CVE-2023-25619 (High), CVE-2023-25620 (Medium), CVE-2022-34755 (Medium), CVE-2022-45788 (High), CVE-2022-0221 (Medium)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-27267 (Critical), CVE-2022-41272 (Critical), CVE-2023-28765 (Critical), CVE-2023-27269 (Critical), CVE-2023-29186 (High)
Red Hat has released security updates to address multiple vulnerabilities in several products.
CVE ID: CVE-2023-1748 (Critical), CVE-2023-1749 (Medium), CVE-2023-1750 (High), CVE-2023-1751 (High), CVE-2023-1752 (High)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Hikvision has released a security update to resolve an access control vulnerability in Hikvision Hybrid SAN/Cluster Storage products that can be used to obtain admin permission.
CVE ID: CVE-2023-28808 (Critical)
Ubuntu has released a security update to address a vulnerability in the irssi package. The
affected product is Ubuntu 22.10.
CVE ID: CVE-2023-29132 (High)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins are the tencentcloud-cos plugin, MC Woocommerce Wishlist plugin, a3 Portfolio plugin and Better Search plugin. Security updates & patches are available for the MC Woocommerce Wishlist plugin, a3 Portfolio plugin and Better Search plugin.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve multiple vulnerabilities in lldpd and udisks2.
CVE ID: CVE-2020-27827 (High), CVE-2021-43612 (High), CVE-2021-3802 (Medium)
Red Hat has released security updates to address multiple vulnerabilities in several products.
CVE ID: CVE-2023-1748 (Critical), CVE-2023-1749 (Medium), CVE-2023-1750 (High), CVE-2023-1751 (High), CVE-2023-1752 (High)
Apple has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-28205, CVE-2023-28206
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An External Control of File Name or Path vulnerability has been discovered in Industrial Control Links' ScadaFlex II SCADA Controllers. Successful exploitation of this vulnerability may allow an authenticated attacker to overwrite, delete, or create files.
CVE ID: CVE-2022-25359 (Critical)
An OS command injection vulnerability has been discovered in mySCADA Technologies' mySCADA myPRO. Successful exploitation of this vulnerability may allow an authenticated user to inject arbitrary operating system commands. The affected versions are myPRO: versions 8.26.0 and prior.
CVE ID: CVE-2023-28400 (Critical), CVE-2023-28716 (Critical), CVE-2023-28384 (Critical), CVE-2023-29169 (Critical), CVE-2023-29150 (Critical)
Google has released Stable channel 112.0.5615.62 (Platform version: 15359.45.0) for most ChromeOS devices, Dev channel 114.0.5696.0 for Windows, Linux and Mac, Chrome Dev 114 (114.0.5696.0) for Android, Beta channel OS version: 15393.12.0 Browser version: 113.0.5672.21 for most ChromeOS devices, Chrome 113.0.5672.24 for Windows, Mac and Linux, and Chrome Beta 113 (113.0.5672.24) for Android.
JTEKT ELECTRONICS CORPORATION has released security updates to address out-of-bounds read, out-of-bounds write, and use-after-free vulnerabilities in its Screen Creator Advance 2 equipment. The affected version is JTEKT ELECTRONICS Screen Creator Advance 2: Ver0.1.1.4 Build01.
CVE ID: CVE-2023-22345 (High), CVE-2023-22346 (High), CVE-2023-22347 (High), CVE-2023-22349 (High), CVE-2023-22350 (High), CVE-2023-22353 (High), CVE-2023-22360 (High)
JTEKT ELECTRONICS CORPORATION has released security updates to address out-of-bounds read and use-after-free vulnerabilities in its Kostac PLC Programming Software. The affected versions are JTEKT ELECTRONICS Kostac PLC Programming Software: Versions 1.6.9.0 and earlier.
CVE ID: CVE-2023-22419 (High), CVE-2023-22421 (High), CVE-2023-22424 (High)
Multiple vulnerabilities have been discovered in Korenix's Jetwave equipment that can allow full access to the underlying operating system of the device to be gained or cause a Denial of Service (DoS) condition.
CVE ID: CVE-2023-23294 (High), CVE-2023-23295 (High), CVE-2023-23296 (Medium)
Microsoft has released Microsoft Edge Stable Channel (Version 112.0.1722.34) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-28284 (Medium), CVE-2023-24935 (Low), CVE-2023-28301 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker may exploit these vulnerabilities to take control of an affected system.
An elevation of privilege vulnerability has been discovered in Yokogawa CENTUM Authentication Mode because of cleartext storage of sensitive information. The mitigation is available.
CVE ID: CVE-2023-26593 (Medium)
Multiple vulnerabilities have been discovered in Nexx's Garage Door Controller, Smart Plug and Smart Alarm equipment that can allow an attacker to receive sensitive information, execute Application Programming Interface (API) requests, or hijack devices. The affected versions are Nexx Garage Door Controller (NXG-100B, NXG-200): nxg200v-p3-4-1 and prior, Nexx Smart Plug (NXPG-100W): nxpg100cv4-0-0 and prior, and Nexx Smart Alarm (NXAL-100): nxal100v-p1-9-1 and prior.
CVE ID: CVE-2023-1748 (Critical), CVE-2023-1749 (Medium), CVE-2023-1750 (High), CVE-2023-1751 (High), CVE-2023-1752 (High)
Google has released Dev channel OS version: 15393.12.0 Browser version: 113.0.5672.21 for most ChromeOS devices, Chrome Dev 113 (113.0.5672.24) & Chrome 112 (112.0.5615.47/.48) for Android, Chrome Stable 112 (112.0.5615.46) for iOS, Dev channel 113.0.5672.24 for Windows, Linux and Mac, and Chrome 112.0.5615.49 (Linux and Mac) & 112.0.5615.49/50 (Windows) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-1810 (High), CVE-2023-1811 (High), CVE-2023-1812 (Medium), CVE-2023-1813 (Medium), CVE-2023-1814 (Medium), CVE-2023-1815 (Medium), CVE-2023-1816 (Medium), CVE-2023-1817 (Medium), CVE-2023-1818 (Medium), CVE-2023-1819 (Medium), CVE-2023-1820 (Medium), CVE-2023-1821 (Low), CVE-2023-1822 (Low), CVE-2023-1823 (Low)
It has been discovered that Rorschach ransomware is targeting Palo Alto Networks Products by
using the DLL side-loading technique. The updates are available.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-04-05 or later address all of these issues.
Trellix has released security updates to address improper preservation of permissions and heap-based buffer overflow vulnerabilities in Trellix Agent. The affected versions are Trellix Agent IS 5.7.8 and earlier.
CVE ID: CVE-2023-0975 (High), CVE-2023-0977 (Medium)
A vulnerability has been discovered in the IEEE 802.11 implementation of SonicWall which allows an attacker to spoof the MAC address of a device on the network and send power-saving frames to access points, forcing them to start queuing frames destined for the target.
CVE ID: CVE-2022-47522 (Low)
A vulnerability has been discovered in 3CX DesktopApp's Electron Windows App. The affected versions are Electron Mac App version numbers 18.11.1213 shipped with Update 6, and 18.12.402, 18.12.407 & 18.12.416 in Update 7.
Samba has released security updates to address multiple vulnerabilities in its products. All versions of Samba since 4.0 prior to 4.16.10, 4.17.7, 4.18.1 are affected.
CVE ID: CVE-2023-0225 (Medium), CVE-2023-0922 (Medium), CVE-2023-0614 (High)
Multiple vulnerabilities have been discovered in Hitachi Energy's MicroSCADA System Data Manager SDM600 products. The affected versions are: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291), and All SDM600 versions prior to version 1.3.0 (Build Nr. 1.3.0.1339). The updates & mitigations are available.
CVE ID: CVE-2022-3682 (Critical), CVE-2022-3683 (High), CVE-2022-3684 (High), CVE-2022-3685 (High), CVE-2022-3686 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 16.04 ESM.
Dell has released a security update to address a broken or risky cryptographic algorithm vulnerability in Dell CloudLink that can lead to information disclosure. The affected versions are Dell CloudLink 7.1.2 and prior.
CVE ID: CVE-2023-28082 (Medium)
Mozilla has released a security update to address a Denial of Service (DoS) vulnerability in Thunderbird 102.9.1. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-28427 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A vulnerability has been discovered in OMICRON StationGuard and OMICRON StationScout that can be exploited by providing a modified firmware update image to gain root access to the system. The affected versions are OMICRON StationGuard and OMICRON StationScout before 2.21.
CVE ID: CVE-2023-28610 (Critical)
A command injection vulnerability has been discovered in TP-Link MR3020 that allows arbitrary commands to be executed via a crafted request to the tftp endpoint. The affected version is TP-Link MR3020 v.1_150921.
CVE ID: CVE-2023-27078 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, and Ubuntu 22.10.
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the TH Side Cart and Menu Cart plugin for WordPress. The affected versions are TH Side Cart and Menu Cart plugin versions up to, and including, 1.1.1.
Apple has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-27965, CVE-2023-27932, CVE-2023-27954, CVE-2023-23541, CVE-2023-27961, CVE-2023-23543, CVE-2023-27936, CVE-2023-23537, CVE-2023-27956, CVE-2023-27928, CVE-2023-27946, CVE-2023-23535, CVE-2023-27941, CVE-2023-27969, CVE-2023-27949, CVE-2023-28182, CVE-2023-27963, CVE-2023-27954, CVE-2023-23529, CVE-2023-23541, CVE-2023-23540, CVE-2023-27959, CVE-2023-27970, CVE-2023-23532, CVE-2023-23527, CVE-2023-27931, CVE-2023-23494, CVE-2023-27955, CVE-2023-23528, CVE-2023-28181, CVE-2023-27968, CVE-2023-27951, CVE-2023-23534, CVE-2023-0433, CVE-2023-0512
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve multiple vulnerabilities in the runc package.
CVE ID: CVE-2019-16884 (High), CVE-2019-19921 (High), CVE-2021-30465 (High),
CVE-2022-29162 (High), CVE-2023-27561 (High)
A vulnerability has been discovered in NginxProxyManager that allows arbitrary code execution via a Lua script in the configuration file. The affected version is NginxProxyManager v.2.9.19.
CVE ID: CVE-2023-27224 (Critical)
It has been discovered that baserCMS allows an authenticated user to upload arbitrary files. The affected versions are baserCMS prior to 4.7.5.
CVE ID: CVE-2023-25655 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve multiple vulnerabilities in the libreoffice package, which can lead to arbitrary script execution, improper certificate validation, and weak encryption of password storage in the user’s configuration database.
CVE ID: CVE-2021-25636 (High), CVE-2022-3140 (Medium), CVE-2022-26305 (High), CVE-2022-26306 (High), CVE-2022-26307 (High)
A SQL injection vulnerability has been discovered in IBM Security Guardium Key Lifecycle Manager, which can allow an attacker to view, add, modify or delete information in the back-end database. The affected versions are IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1.
CVE ID: CVE-2023-25684 (Critical)
A SQL injection vulnerability has been discovered in the eo_tags package for PrestaShop. The affected versions are eo_tags package before 1.4.19 for PrestaShop.
CVE ID: CVE-2023-27570 (Critical)
A SQL injection vulnerability has been discovered in the eo_tags package for PrestaShop via an HTTP User-Agent or Referer header. The affected versions are eo_tags package before 1.3.0 for PrestaShop.
CVE ID: CVE-2023-27569 (Critical)
A SQL injection vulnerability via the `q` parameter has been discovered in Soko. The affected versions are Soko prior to 1.0.2.
CVE ID: CVE-2023-28424 (Critical)
An out-of-bounds write vulnerability has been discovered in the BLE L2CAP module of the
Contiki-NG operating system. The affected versions are Contiki-NG 4.8 and prior.
CVE ID: CVE-2023-28116 (Critical)
It has been discovered that Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function, which can lead to Remote Code Execution (RCE). The affected versions are Snappy prior to 1.4.2.
CVE ID: CVE-2023-28115 (Critical)
A vulnerability has been discovered in Cilium that can cause disruption to newly established connections during a short period when Cilium eBPF programs are not attached to the host, due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement. The affected version is Cilium 1.13.0.
CVE ID: CVE-2023-27595 (Critical)
An improper authorisation implementation vulnerability has been discovered in Exynos baseband that allows incorrect handling of unencrypted messages. The affected version is Exynos baseband prior to SMR Mar-2023 Release 1.
CVE ID: CVE-2023-21455 (Critical)
It has been discovered that a lack of rate limiting on the password reset endpoint of Chamberlain allows user accounts to be compromised via a brute-force attack. The affected version is Chamberlain myQ v5.222.0.32277 (on iOS).
CVE ID: CVE-2023-24080 (Critical)
Google has released Chrome Beta 112 (112.0.5615.40) for iOS, Dev channel 113.0.5668.0 for Windows, Linux and Mac, and LTS-108 LTS channel 108.0.5359.224 (Platform Version: 15183.86.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0941 (Critical), CVE-2023-1215 (High), CVE-2023-1218 (High), CVE-2023-1219 (High), CVE-2023-1220 (High), CVE-2023-0931 (High)
WordPress has released security updates to resolve an XSS bypass vulnerability in the SVG Sanitizer library. The affected versions are SVG Sanitizer library versions up to, and including, 0.15.4.
CVE ID: CVE-2023-28426 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 111.0.1661.54) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-28286 (Medium), CVE-2023-28261 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available for some products.
CVE ID: CVE-2023-0767 (High), CVE-2023-0804 (Medium), CVE-2023-23931 (Medium),
CVE-2023-24329 (High), CVE-2023-24807 (High)
Ubuntu has released security updates to address several vulnerabilities in the Graphviz package. The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 14.04 ESM.
CVE ID: CVE-2019-11023 (High), CVE-2018-10196 (Medium), CVE-2020-18032 (High)
It has been discovered that WAB-MAT registers its Windows service executable with an unquoted file path, which can allow a malicious executable to be placed on a certain path and executed with the privileges of the Windows service. The affected versions are WAB-MAT Ver.5.0.0.8 and earlier.
CVE ID: CVE-2023-22282 (High)
An incorrect permission assignment for critical resource vulnerability has been discovered in RoboDK's RoboDK software that can allow privilege escalation. The affected versions are RoboDK v5.5.3 and prior.
CVE ID: CVE-2023-1516 (High)
An insufficiently protected credentials vulnerability has been discovered in CP Plus' KVMS Pro equipment that can allow sensitive credentials to be retrieved and the entire CCTV system to be controlled. The affected versions are CP Plus KVMS Pro V2.01.0.T.190521 and prior.
CVE ID: CVE-2023-1518 (High)
Multiple vulnerabilities have been discovered in SAUTER's EY-modulo 5 Building Automation Stations that can lead to privilege escalation, unauthorized execution of actions, a Denial of Service (DoS) condition, or retrieval of sensitive information. The affected version is EY-modulo 5 Building Automation Stations: EY-AS525F001 with moduWeb.
CVE ID: CVE-2023-2865 (High), CVE-2023-28655 (High), CVE-2023-22300 (High), CVE-2023-27927 (High), CVE-2023-28652 (Medium)
Multiple vulnerabilities have been discovered in ABB Pulsar Plus Controller that can allow an attacker to take control of the product or execute arbitrary code. The affected products are ABB Infinity DC Power Plant – H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415 and ABB Pulsar Plus System Controller – NE843_S – comcode 150042936.
CVE ID: CVE-2022-1607 (Medium), CVE-2022-26080 (Medium)
An authentication bypass vulnerability has been discovered in the WooCommerce Payments plugin. The affected versions are WooCommerce Payments plugin versions up to, and including, 5.6.1.
Google has released Dev channel OS version: 15389.0.0 Browser version: 113.0.5650.0 for most ChromeOS devices, Chrome Dev 113 (113.0.5668.0) for Android, Beta channel ChromeOS version: 15359.31.0 and Browser version: 112.0.5615.37 for most devices, Beta channel 112.0.5615.39 for Windows, Linux and Mac, and Chrome Beta 112 (112.0.5615.37) for iOS.
NVIDIA has released released a firmware security update for NVIDIA DGX-2 server, DGX A100
server, and DGX Station A100 to address code execution, Denial of Service (DoS), escalation
of
privileges, loss of data integrity, information disclosure, or data tampering
vulnerabilities.
CVE ID: CVE-2022-42274 (High), CVE-2022-42280 (High), CVE-2022-42282 (Medium),
CVE-2022-42283 (Medium), CVE-2022-42286 (Medium), CVE-2022-42287 (Medium), CVE-2022-42289
(High), CVE-2022-42290 (High), CVE-2023-0200 (High), CVE-2023-0201 (Medium), CVE-2023-0202
(High), CVE-2023-0206 (High), CVE-2023-0207 (High)
Multiple vulnerabilities have been discovered in Orbi WiFi Systems, and RBR750 Orbi WiFi 6
Router. Security updates are available for Orbi WiFi Systems.
Multiple Vulnerabilities have been discovered in ProPump and Controls Inc.'s Equipment-
Osprey
Pump Controller, which can allow to gain unauthorized access, retrieve sensitive
information,
modify data, cause a Denial of Service (DoS), and/or gain administrative control. The
affected
version is Osprey Pump Controller version 1.01.
CVE ID: CVE-2023-28395 (High), CVE-2023-28375, CVE-2023-28654 (Critical),
CVE-2023-27886
(Critical), CVE-2023-27394 (Critical), CVE-2023-28648 (High), CVE-2023-28398 (Critical),
CVE-2023-28718 (High), CVE-2023-28712 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit
these vulnerabilities to take control of an affected system. The updates are available.
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker may exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2023-20027 (High), CVE-2023-20065 (High), CVE-2023-20035 (High),
CVE-2023-20072 (High), CVE-2023-20080 (High), CVE-2023-20067 (High), CVE-2023-20055 (High),
CVE-2023-20082 (High), CVE-2023-20112 (High), CVE-2023-20066 (Medium), CVE-2023-20113
(Medium),
CVE-2023-20029 (Medium), CVE-2023-20059 (Medium), CVE-2023-20100 (Medium), CVE-2023-20081
(Medium), CVE-2023-20107 (Medium), CVE-2023-20056 (Medium), CVE-2023-20097
(Medium)
A vulnerability has been discovered in Flatpak when it runs on a Linux virtual console. The
affected versions are Flatpak prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4.
CVE ID: CVE-2023-28100 (Critical)
A SQL Injection vulnerability has been discovered in Kirin Fortress Machine that allows
attackers to execute arbitrary code. The affected version is Kirin Fortress Machine
v.1.7-2020-0610.
CVE ID: CVE-2023-26784 (Critical)
A command execution vulnerability has been discovered in the JHR-N916R router. The affected version is JHR-N916R router firmware version 21.11.1.1483 and prior.
CVE ID: CVE-2023-24795 (Critical)
A code execution vulnerability has been discovered in the SA-WR915ND router. The affected version is SA-WR915ND router firmware v17.35.1.
CVE ID: CVE-2023-23150 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-28668 (Medium), CVE-2023-28669 (High), CVE-2023-28670 (High), CVE-2023-28671 (Medium), CVE-2023-28672 (High), CVE-2023-28673 (Medium), CVE-2023-28674 (Medium), CVE-2023-28675 (Medium), CVE-2023-28676 (High), CVE-2023-28677 (High), CVE-2023-28678 (High), CVE-2023-28679 (High), CVE-2023-28680 (High), CVE-2023-28681 (High), CVE-2023-28682 (High), CVE-2023-28683 (High), CVE-2023-28684 (High), CVE-2023-28685 (High)
A deserialization of untrusted data vulnerability has been discovered in Keysight Technologies' Equipment- N6854A Geolocation Server, which can allow an attacker to escalate privileges in the affected device's default configuration, resulting in Remote Code Execution (RCE) or deletion of system files and folders. The affected versions are Keysight N6854A Geolocation Server versions 2.4.2 and prior.
CVE ID: CVE-2023-1399 (High)
A Time-of-check Time-of-use (TOCTOU) race condition vulnerability has been discovered in Siemens' Equipment- RUGGEDCOM APE1808 product family that can lead to a system crash or escalation of privileges.
CVE ID: CVE-2022-32469 (High), CVE-2022-32470 (High), CVE-2022-32471 (High), CVE-2022-32475 (High), CVE-2022-32477 (High), CVE-2022-32953 (High), CVE-2022-32954 (High)
An infinite loop vulnerability has been discovered in Siemens' Equipment- RADIUS client of SIPROTEC 5 devices. Workarounds and mitigations are available.
CVE ID: CVE-2022-38767 (High)
An improper restriction of XML external entity reference vulnerability has been discovered in VISAM's Equipment- VBASE that can allow an attacker to obtain sensitive information from the target device. A mitigation is available.
CVE ID: CVE-2022-41696 (Medium), CVE-2022-43512 (Medium), CVE-2022-45121 (Medium), CVE-2022-45468 (Medium), CVE-2022-45876 (Medium), CVE-2022-46286 (Medium), CVE-2022-46300 (Medium)
Multiple vulnerabilities have been discovered in various third-party components used in Siemens' SCALANCE W-700 devices, which can cause a Denial of Service (DoS) condition or disclose sensitive data. A mitigation is available.
CVE ID: CVE-2018-12886 (High), CVE-2018-25032 (High), CVE-2021-42373 (Medium), CVE-2021-42374 (Medium), CVE-2021-42375 (Medium), CVE-2021-42376 (Medium), CVE-2021-42377 (Medium), CVE-2021-42378 (Medium), CVE-2021-42379 (Medium), CVE-2021-42380 (Medium), CVE-2021-42381 (Medium), CVE-2021-42382 (Medium), CVE-2021-42383 (Medium), CVE-2021-42384 (Medium), CVE-2021-42385 (Medium), CVE-2021-42386 (Medium), CVE-2022-23395 (Medium)
WordPress has released security updates to resolve multiple vulnerabilities in the Open Graphite plugin. The affected versions are Open Graphite plugin versions up to, and including, 1.6.0.
CVE ID: CVE-2022-47439 (Medium)
Google has released Chrome 111 (111.0.5563.115/.116) for Android, Chrome Stable 111 (111.0.5563.101) for iOS, Extended Stable channel 110.0.5481.208 for Windows and Mac, Stable channel OS version 15329.52.0, Browser version 111.0.5563.100 for most ChromeOS devices, and Stable channel 111.0.5563.110 for Mac and Linux and 111.0.5563.110/.111 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-1528 (High), CVE-2023-1529 (High), CVE-2023-1530 (High), CVE-2023-1531 (High), CVE-2023-1532 (High), CVE-2023-1533 (High), CVE-2023-1534 (High)
A vulnerability has been discovered in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. The updates are available.
CVE ID: CVE-2023-0464 (Low)
An OS command injection vulnerability has been discovered in D-Link that allows attackers to escalate privileges to root via a crafted payload. The affected version is D-Link DIR820LA1_FW105B03.
CVE ID: CVE-2023-25280 (Critical)
An authentication bypass vulnerability has been discovered in Netgear RAX30 (AX2400) that allows an attacker to gain administrative access to the device's web management interface by resetting the admin password. The affected versions are Netgear RAX30 (AX2400) prior to version 1.0.6.74.
CVE ID: CVE-2023-1327 (Critical)
An OS command injection vulnerability has been discovered in Altenergy Power Control Software. The affected version is Altenergy Power Control Software C1.2.5.
CVE ID: CVE-2023-28343 (Critical)
Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment- ThinManager ThinServer that can allow an attacker to perform Remote Code Execution (RCE) on the target system/device or crash the software. Mitigations are available.
CVE ID: CVE-2023-27855 (Critical), CVE-2023-27856 (High), CVE-2023-27857 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that a reset password token is generated without any randomness parameter in Combodo iTop, which can lead to account takeover. The affected versions are Combodo iTop prior to versions 2.7.8 and 3.0.2-1.
CVE ID: CVE-2022-39216 (Critical)
Multiple vulnerabilities have been discovered in various WordPress plugins. Security updates and patches are available for some plugins.
CVE ID: CVE-2023-1470 (Medium), CVE-2023-1471 (High), CVE-2023-1472 (Medium), CVE-2023-1469 (Medium), CVE-2023-1172 (High)
A directory traversal vulnerability has been discovered in SAP NetWeaver AS. The affected versions are SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791.
CVE ID: CVE-2023-27501 (Critical)
An OS command injection vulnerability has been discovered in D-Link DIR-867 that allows attackers to execute arbitrary commands. The affected version is D-Link DIR-867 DIR_867_FW1.30B07.
CVE ID: CVE-2023-24762 (Critical)
It has been discovered that Webpack 5 does not avoid cross-realm object access. The affected versions are Webpack 5 before 5.76.0.
CVE ID: CVE-2023-28154 (Critical)
TP-Link has released a security update to address an SSH host keys vulnerability in T2600G-28SQ. The affected versions are T2600G-28SQ firmware versions prior to T2600G-28SQ(UN)_V1_1.0.6 Build 20230227.
CVE ID: CVE-2023-28368 (Medium)
It has been observed that in a recent campaign Lockbit 3.0 ransomware is using multiple techniques to gain initial access to the victim's network, such as brute-force attacks against user credentials to compromise internet-facing Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) access, use of purchased or stolen credentials from initial access brokers, phishing attacks to obtain user credentials, and exploitation of known vulnerabilities in software and security misconfigurations.
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability has been discovered in Rockwell Automation's Equipment- Modbus TCP Server Add-On Instruction (AOI) that allows an unauthorized user to read the connected device's Modbus TCP Server AOI information. The affected versions are Rockwell Automation Modbus TCP Server AOI 2.00 and 2.03.
CVE ID: CVE-2023-0027 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
CVE ID: CVE-2023-0240 (High), CVE-2023-0751 (Medium), CVE-2023-24580 (High), CVE-2023-26545 (High)
Multiple vulnerabilities such as Command Injection, Use of Insufficiently Random Values, and Missing Authentication for Critical Function have been discovered in Honeywell's Equipment- OneWireless Wireless Device Manager (WDM). All versions of OneWireless WDM up to R322.1 are affected.
CVE ID: CVE-2022-46361 (Critical), CVE-2022-43485 (Medium), CVE-2022-4240 (High)
AVEVA has released security updates to address multiple vulnerabilities in its Equipment- InTouch Access Anywhere and Plant SCADA Access Anywhere that can allow an unauthenticated user to read files on the system, execute arbitrary code, or create a denial-of-service condition. The affected versions are InTouch Access Anywhere: 2023 and prior, and Plant SCADA Access Anywhere: 2020 R2 and prior.
CVE ID: CVE-2022-23854 (High), CVE-2021-3711 (Critical), CVE-2020-11022 (Medium)
Google has released Chrome Dev 113 (113.0.5651.0) for Android, Dev channel 113.0.5653.0 for Windows, Linux and Mac, and Beta channel ChromeOS version 15359.24.0, Browser version 112.0.5615.29 for most devices.
A SQL injection vulnerability has been discovered in E-Commerce System. The affected version is E-Commerce System v1.0.
CVE ID: CVE-2023-27052 (Critical)
An OS command injection vulnerability has been discovered in D-Link that allows attackers to escalate privileges to root via a crafted payload. The affected version is D-Link DIR820LA1_FW105B03.
CVE ID: CVE-2023-25279 (Critical)
A SQL injection vulnerability has been discovered in the 10Web Map Builder for Google Maps WordPress plugin, which does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users. The affected versions are 10Web Map Builder for Google Maps WordPress plugin before 1.0.73.
CVE ID: CVE-2023-0037 (Critical)
A buffer overflow vulnerability has been discovered in Tenda that allows attackers to cause a Denial of Service (DoS) via a crafted request. The affected version is Tenda V15V1.0 V15.11.0.14(1521_3190_1058).
CVE ID: CVE-2023-27063 (Critical)
A buffer overflow vulnerability has been discovered in Tenda that allows attackers to cause a Denial of Service (DoS) via a crafted request. The affected version is Tenda V15V1.0 V15.11.0.14(1521_3190_1058).
CVE ID: CVE-2023-27061 (Critical)
A buffer overflow vulnerability has been discovered in NETGEAR Nighthawk WiFi6 Router that can allow an attacker to execute arbitrary code on the device. The affected versions are NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94.
CVE ID: CVE-2023-27853 (Critical)
A buffer overflow vulnerability has been discovered in NETGEAR Nighthawk WiFi6 Router that can allow an attacker to execute arbitrary code on the device. The affected versions are NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94.
CVE ID: CVE-2023-27852 (Critical)
A SQL Injection vulnerability has been discovered in Saysis Starcities. The affected versions are Starcities through 1.3.
CVE ID: CVE-2023-1198 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Microsoft has released updates to address multiple vulnerabilities in its software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Google has released Dev channel OS version 15378.0.0, Browser version 113.0.5635.0 for most ChromeOS devices, Chrome Beta 112 (112.0.5615.29) for iOS, Chrome Beta 112 (112.0.5615.29) for Android, and Beta channel 112.0.5615.29 for Windows and Linux and 112.0.5615.28 for Mac.
It has been discovered that threat actors are exploiting a .NET deserialization vulnerability in Progress Telerik User Interface (UI) for ASP.NET AJAX, located in Microsoft Internet Information Services (IIS) web servers, which can cause Remote Code Execution (RCE). The affected versions are Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114).
CVE ID: CVE-2019-18935 (Critical)
An uncontrolled search path element vulnerability has been discovered in the Trend Micro Apex One Server installer that can allow Remote Code Execution (RCE) on affected products.
CVE ID: CVE-2023-25143 (Critical)
An authentication bypass vulnerability has been discovered in the GitHub repository froxlor/froxlor. The affected versions are froxlor/froxlor prior to 2.0.13.
CVE ID: CVE-2023-1307 (Critical)
An XML External Entity injection (XXE) vulnerability has been discovered in ENOVIA Live Collaboration that allows remote file inclusion. The affected version is ENOVIA Live Collaboration V6R2013xE.
CVE ID: CVE-2023-1288 (Critical)
An XSL template vulnerability has been discovered in ENOVIA Live Collaboration that allows Remote Code Execution (RCE). The affected version is ENOVIA Live Collaboration V6R2013xE.
CVE ID: CVE-2023-1287 (Critical)
A SQL injection vulnerability has been discovered in Akinsoft Wolvox. The affected versions are Akinsoft Wolvox before 8.02.03.
CVE ID: CVE-2023-1251 (Critical)
Multiple vulnerabilities have been discovered in several Zoom products. The affected versions are Zoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5, Zoom Rooms (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5, Zoom VDI Windows Meeting clients before version 5.13.10, Zoom Client for Meetings for IT Admin macOS installers before version 5.13.5, Zoom Client for Meetings for IT Admin Windows installers before version 5.13.5, Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.3, and Zoom VDI for Windows clients before 5.13.1.
CVE ID: CVE-2023-28597 (High), CVE-2023-28596 (Medium), CVE-2023-22883 (High), CVE-2023-22881 (Medium), CVE-2023-22882 (Medium), CVE-2023-22880 (Medium)
A path traversal vulnerability has been discovered in Fortinet FortiOS. The affected versions are Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11.
CVE ID: CVE-2022-41328 (High)
A vulnerability has been discovered in Hitachi Energy's Data Dynamics ActiveBar (ActBar) ActiveX Controls component that affects the SYS600 products. The affected versions are SYS600 9.4 FP2 Hotfix 5 and earlier, and SYS600 10.1.1 and earlier. Updates and mitigations are available.
CVE ID: CVE-2011-1207 (Medium)
Multiple vulnerabilities have been discovered in Autodesk's Equipment- FBX SDK that can lead to code execution or a Denial of Service (DoS) condition. The affected products are Autodesk FBX SDK versions 2020 and prior, and Luxion KeyShot version 11.3 and prior. The updates are available.
CVE ID: CVE-2022-41302 (High), CVE-2022-41303 (High), CVE-2022-41304 (High)
A code injection vulnerability has been discovered in GE Digital's Equipment- iFIX that can cause privilege escalation and full control of the system. The affected versions are GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5.
CVE ID: CVE-2023-0598 (High)
Ubuntu has released security updates to address several vulnerabilities in the Linux kernel. The affected products are Ubuntu 22.10, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.
Mozilla has released security updates to resolve multiple vulnerabilities in Thunderbird 102.9, Firefox ESR 102.9, and Firefox 111. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-28159 (High), CVE-2023-25748 (High), CVE-2023-25749 (High), CVE-2023-25750 (High), CVE-2023-25751 (High), CVE-2023-28160 (Medium), CVE-2023-28164 (Medium), CVE-2023-28161 (Medium), CVE-2023-28162 (Medium), CVE-2023-25752 (Medium), CVE-2023-28163 (Medium), CVE-2023-28176 (High), CVE-2023-28177 (High)
Multiple improper certificate validation vulnerabilities have been discovered in the NPort 6000 Series and Windows Driver Manager. The affected versions are NPort 6000 Series Firmware version 2.2 or lower, Windows Driver Manager Series Software version 3.4 or lower, and Windows Driver Manager Series Software version 4.0 or lower. Security updates are available for the NPort 6000 Series.
CVE ID: CVE-2022-43993, CVE-2022-43994
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2015-8011 (Critical), CVE-2020-27827 (High), CVE-2023-25957 (Critical), CVE-2022-34819 (Critical), CVE-2022-34820 (High), CVE-2022-34821 (High), CVE-2022-0547 (Critical), CVE-2022-1292 (Critical), CVE-2021-37208 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability in Internet Control Message Protocol (ICMP).
CVE ID: CVE-2023-23415 (Critical)
AVEVA has released security updates to address an improper authorization vulnerability in AVEVA Plant SCADA and AVEVA Telemetry Server. The affected versions are AVEVA Plant SCADA 2023, AVEVA Plant SCADA 2020R2 Update 10 and all prior versions, and AVEVA Telemetry Server 2020 R2 SP1 and all prior versions.
CVE ID: CVE-2023-1256 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-28003 (Medium), CVE-2023-28004 (Critical), CVE-2023-27977 (High), CVE-2023-27978 (High), CVE-2023-27979 (High), CVE-2023-27980 (High), CVE-2023-27981 (High), CVE-2023-27982 (High), CVE-2023-27983 (Medium), CVE-2023-27984 (Medium), CVE-2022-45789 (High), CVE-2023-22610 (Critical), CVE-2023-22611 (High)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-26359 (Critical), CVE-2023-26360 (High), CVE-2023-26361 (Medium), CVE-2023-25908 (High)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability in Remote Procedure Call Runtime.
CVE ID: CVE-2023-21708 (Critical)
A code injection vulnerability has been discovered in the GitHub repository builderio/qwik. The affected versions are builderio/qwik prior to 0.21.0.
CVE ID: CVE-2023-1283 (Critical)
A use of hard-coded credentials vulnerability has been discovered in the GitHub repository alextselegidis/easyappointments. The affected versions are alextselegidis/easyappointments prior to 1.5.0.
CVE ID: CVE-2023-1269 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in SmartBear Zephyr Enterprise. The affected versions are SmartBear Zephyr Enterprise through 7.15.0.
CVE ID: CVE-2023-22889 (Critical)
A SQL injection vulnerability has been discovered in Varisicte matrix-gui that allows attackers to execute arbitrary code. The affected version is Varisicte matrix-gui v.2.
CVE ID: CVE-2023-26922 (Critical)
A command injection vulnerability has been discovered in the TOTOlink A7100RU router. The affected version is TOTOlink A7100RU V7.4cu.2313_B20191024.
CVE ID: CVE-2023-25395 (Critical)
A SQL injection vulnerability has been discovered in Ulkem Company PtteM Kart. The affected versions are PtteM Kart before 2.1.
CVE ID: CVE-2023-1267 (Critical)
An improper access control vulnerability has been discovered in Omron's Equipment- CJ1M PLC that allows an attacker to bypass user memory protections by writing to a specific memory address. The affected products are all versions of Omron CJ1M: SYSMAC CJ-series, SYSMAC CS-series, and SYSMAC CP-series.
CVE ID: CVE-2023-0811 (Critical)
It has been discovered that from 14 March 2023 it will no longer be possible to disable the applicable Microsoft DCOM hardening patch. This can result in the disruption of critical communications between ICS/SCADA/OT devices.
CVE ID: CVE-2021-26414 (Medium)
Microsoft has released Microsoft Edge Stable Channel (Version 111.0.1661.41) and Microsoft Edge Extended Stable Channel (Version 110.0.1587.69) to resolve multiple vulnerabilities.
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in the WordPress Solidres plugin. The affected versions are Solidres plugin versions up to, and including, 0.9.4.
CVE ID: CVE-2023-1374 (Medium)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in the WordPress WH Testimonials plugin. The affected versions are WH Testimonials plugin versions up to, and including, 3.0.0.
CVE ID: CVE-2023-1372 (High)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-25616 (Critical), CVE-2023-23857 (Critical), CVE-2023-27269 (Critical), CVE-2023-27500 (Critical), CVE-2023-25617 (Critical)
An arbitrary file upload vulnerability has been discovered in onekeyadmin that allows attackers to execute arbitrary code via a crafted PHP file. The affected version is onekeyadmin v1.3.9.
CVE ID: CVE-2023-26949 (Critical)
An arbitrary file upload vulnerability has been discovered in PMB that allows attackers to execute arbitrary code via a crafted image file. The affected version is PMB v7.4.6.
CVE ID: CVE-2023-24734 (Critical)
A use of hard-coded credentials vulnerability has been discovered in SS1 and Rakuraku PC Cloud Agent that may allow an attacker to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. The affected versions are SS1 Ver.13.0.0.40 and earlier, and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier.
CVE ID: CVE-2023-22344 (Critical)
A path traversal vulnerability has been discovered in SS1 and Rakuraku PC Cloud Agent that may allow an attacker to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. The affected versions are SS1 Ver.13.0.0.40 and earlier, and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier.
CVE ID: CVE-2023-22336 (Critical)
It has been discovered that Docker-based datastores for IBM Instana do not currently require authentication, which allows an attacker within the network to access the datastores with read/write access. The affected versions are IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0.
CVE ID: CVE-2023-27290 (Critical)
It has been discovered that ShadowsocksX-NG signs with the com.apple.security.get-task-allow entitlement because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. The affected version is ShadowsocksX-NG 1.10.0.
CVE ID: CVE-2023-27574 (Critical)
A vulnerability has been discovered in XWiki Commons that allows any user to edit their own profile and inject code, which is then executed with programming rights. The affected version is XWiki Commons 3.1-milestone-1.
CVE ID: CVE-2023-26055 (Critical)
Wolt has released security updates to address a hard-coded API key vulnerability in the Android app "Wolt Delivery: Food and more". The affected products are Android app "Wolt Delivery: Food and more" version 4.27.2 and earlier.
CVE ID: CVE-2023-22429 (Medium)
Debian has released a security update to resolve multiple vulnerabilities in ruby-sidekiq and libapache2-mod-auth-mellon.
CVE ID: CVE-2021-30151 (Medium), CVE-2022-23837 (High), CVE-2019-13038 (Medium), CVE-2021-3639 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A deserialization vulnerability has been discovered in CleverStupidDog yf-exam, which can lead to remote code execution (RCE). The affected version is CleverStupidDog yf-exam v 1.8.0.
CVE ID: CVE-2023-26779 (Critical)
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability has been discovered in Gitpod that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim's credentials. The affected versions are Gitpod prior to release 2022.11.2.16.
CVE ID: CVE-2023-0957 (Critical)
A vulnerability has been discovered in XWiki Platform that allows injection of arbitrary wiki syntax. The affected versions are XWiki Platform 6.3-rc-1 and 6.2.4.
CVE ID: CVE-2023-26477 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
B&R Industrial Automation has released a security update to address a Cross-Site Scripting vulnerability in its Equipment- System Diagnostics Manager (SDM). The affected versions are System Diagnostics Manager: runtime versions 3.00 and later, and System Diagnostics Manager: runtime versions C4.93 and prior.
CVE ID: CVE-2022-4286 (Medium)
Step Tools Inc. has released a security update to address a Null Pointer Dereference vulnerability in its Equipment- STEPTools ifcmesh library. The affected version is STEPTools v18SP1 ifcmesh library (v18.1).
CVE ID: CVE-2023-0973 (Low)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.
CVE ID: CVE-2023-27522, CVE-2023-25690
Google has released ChromeOS LTS 108, 108.0.5359.221 (Platform Version: 15183.8240), for most ChromeOS devices, Stable channel OS version 15329.44.0, Browser version 111.0.5563.71 for most ChromeOS devices, Chrome Dev 113 (113.0.5637.4) for Android, Beta channel ChromeOS version 15359.15.0, Browser version 112.0.5615.18 for some devices, Dev channel 113.0.5638.0 for Windows, Linux and Mac, Chrome 112 Beta channel for Windows, Mac and Linux, Chrome Beta 112 (112.0.5615.18) for Android, and Chrome Stable 111 (111.0.5563.72) for iOS.
GitLab has released Community Edition and Enterprise Edition version 15.9.3 to resolve a number of regressions and bugs in the 15.9 release and prior versions.
A blind SQL injection vulnerability has been discovered in the PrestaShop e-commerce platform. Versions up to 4.5.5 are affected by the flaw.
CVE ID: CVE-2023-23315 (Critical)
A relative path traversal vulnerability has been discovered in Drag and Drop Multiple File Upload - Contact Form 7. The affected version is 5.0.6.1.
CVE ID: CVE-2023-1112 (Critical)
Multiple vulnerabilities such as command injection and stack-based buffer overflow have been discovered in Aruba products.
CVE ID: CVE-2023-22747 (Critical), CVE-2023-22748 (Critical), CVE-2023-22749 (Critical), CVE-2023-22750 (Critical)
A Relative Path Traversal vulnerability has been discovered in ForgeRock Access Management Java Policy Agent that allows Authentication Bypass. All versions of Access Management Java Policy Agent up to 5.10.1 are affected.
CVE ID: CVE-2023-0511 (Critical)
A Relative Path Traversal vulnerability has been discovered in ForgeRock Access Management Java Policy Agent that allows Authentication Bypass. All versions of Access Management Java Policy Agent up to 5.10.1 are affected.
CVE ID: CVE-2023-0339 (Critical)
SQL injection vulnerability has been discovered in SPIP that allows attackers to execute
arbitrary code via a crafted POST request. The affected versions are SPIP v4.1.5 and
earlier.
CVE ID: CVE-2023-24258 (Critical)
Multiple vulnerabilities have been discovered in Akuvox's Equipment- E11. Successful
exploitation of these vulnerabilities can cause loss of sensitive information, unauthorized
access, and grant full administrative control to an attacker. All versions of Akuvox E11 are
affected.
CVE ID: CVE-2023-0343 (Medium), CVE-2023-0355 (Medium), CVE-2023-0354 (Critical),
CVE-2023-0353 (High), CVE-2023-0352 (Critical), CVE-2023-0351 (High), CVE-2023-0350
(Medium),
CVE-2023-0349 (High), CVE-2023-0348 (High), CVE-2023-0347 (High), CVE-2023-0346 (High),
CVE-2023-0345 (Critical), CVE-2023-0344 (Critical)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can
exploit
these vulnerabilities to take control of an affected system. Updates are available for some
products.
CVE ID: CVE-2023-20049 (High), CVE-2023-20064 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2023-27898 (High), CVE-2023-27899 (High), CVE-2023-24998 (Medium),
CVE-2023-27900 (Medium), CVE-2023-27901 (Medium), CVE-2023-27902 (Medium), CVE-2023-27903
(Low),
CVE-2023-27904 (Low), CVE-2023-27905 (Medium)
Moxa has released security updates to resolve command injection and use of Hard-coded
credentials vulnerabilities in Moxa MXsecurity Series. The affected versions are MXsecurity
Series Software v1.0.
Google has released Dev channel 112.0.5615.20 for Windows, Linux & Mac, Dev channel OS version: 15373.0.0, Browser version: 113.0.5624.0 for most ChromeOS devices, and Chrome Beta 112 (112.0.5615.20) for iOS.
Foxit has released Foxit PDF Editor 11.2.5 to resolve multiple vulnerabilities in Foxit PDF Editor 11.2.4.53774 and all previous 11.x versions, and in 10.1.10.37854 and earlier.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Apple has released security updates to resolve a vulnerability in macOS Ventura, iOS & iPadOS that allows an app to execute arbitrary code out of its sandbox or with certain elevated privileges. The affected versions are macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3.
CVE ID: CVE-2023-23531 (Critical)
Phoenix Contact has released security updates to resolve arbitrary command injection and arbitrary file upload/removal vulnerabilities in the TC Router and Cloud Client Series. The affected versions are TC Router 4000 series and Cloud Client 2000 series up to firmware version 4.5.7x.107.
CVE ID: CVE-2023-0861 (High), CVE-2023-0862 (High)
Apache has released security updates to address HTTP Request Smuggling and HTTP Response Smuggling vulnerabilities in Apache HTTP Server. The affected versions are Apache HTTP Server 2.4.0 through 2.4.55, and Apache HTTP Server 2.4.30 through 2.4.55.
CVE ID: CVE-2023-25690, CVE-2023-27522
A vulnerability affects the IEC 60870-5-104 (IEC-104) protocol stack of the ABB Substation Management Unit COM600 that allows attackers to cause a denial-of-service condition against the COM600 product. The affected versions are ABB COM600 product firmware 2.x, 3.x, 4.x and 5.x.
CVE ID: CVE-2022-29492 (Medium)
Multiple vulnerabilities have been discovered in several Fortinet products. Security updates are available.
CVE ID: CVE-2023-25610 (Critical), CVE-2023-25611 (High), CVE-2023-23776 (Medium), CVE-2023-25605 (High)
Apple has released security updates to address multiple vulnerabilities in GarageBand for macOS 10.4.8. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-27960, CVE-2023-27938
WordPress has released security updates to resolve multiple vulnerabilities in the CMP Coming Soon & Maintenance plugin. The affected versions are CMP Coming Soon & Maintenance plugin versions up to, and including, 4.1.6.
CVE ID: CVE-2023-1263 (Medium)
Trellix has released a security update to address a command injection vulnerability in Intelligent Sandbox CLI that allows a local user to obtain root access. The affected versions are Intelligent Sandbox IS 5.2, 5.0, and ATD 4.x.
CVE ID: CVE-2023-0978 (Medium)
A SQL injection vulnerability has been discovered in Domotica Labs srl Ikon Server. The affected versions are Domotica Labs srl Ikon Server before v2.8.6.
CVE ID: CVE-2023-24253 (Critical)
An arbitrary code execution vulnerability has been discovered in ASUS ASMB8 iKVM firmware. The affected versions are ASUS ASMB8 iKVM firmware through 1.14.51.
CVE ID: CVE-2023-26602 (Critical)
A SQL injection vulnerability has been discovered in BMC Control-M that allows execution of arbitrary SQL commands via the memname JSON field. The affected versions are BMC Control-M before 9.0.20.214.
CVE ID: CVE-2023-26550 (Critical)
ZoneMinder has released a security update to address a SQL Injection vulnerability. The affected versions are ZoneMinder prior to 1.36.33 and 1.37.33.
CVE ID: CVE-2023-26037 (Critical)
ZoneMinder has released a security update to address a Local File Inclusion (Untrusted Search Path) vulnerability. The affected versions are ZoneMinder prior to 1.36.33 and 1.37.33.
CVE ID: CVE-2023-26036 (Critical)
ZoneMinder has released a security update to address an Unauthenticated Remote Code Execution via Missing Authorization vulnerability. The affected versions are ZoneMinder prior to 1.36.33 and 1.37.33.
CVE ID: CVE-2023-26035 (Critical)
Gradio has released a security update to address a Use of Hard-coded Credentials vulnerability. The affected versions are Gradio prior to 3.13.1.
CVE ID: CVE-2023-25823 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available for some products.
CVE ID: CVE-2023-24998 (High), CVE-2023-25139 (Critical), CVE-2021-0187 (Low),
CVE-2022-26343 (High), CVE-2022-26837 (High), CVE-2022-30539 (High), CVE-2022-30704 (High),
CVE-2022-32231 (High), CVE-2022-33972 (Medium)
Multiple vulnerabilities have been discovered in BUFFALO INC network devices. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-26588 (Low), CVE-2023-24544 (Medium), CVE-2023-24464 (Medium)
Mitsubishi Electric has released security updates to resolve multiple OpenSSL Denial of Service vulnerabilities that affect the BACnet secure connect function of GENESIS64.
CVE ID: CVE-2022-3602 (Medium), CVE-2022-3786 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
WordPress has released security updates to resolve multiple vulnerabilities in the Paytium: Mollie payment forms & donations plugin. The affected versions are Paytium: Mollie payment forms & donations plugin versions up to, and including, 4.3.7.
Google has released Chrome 111 (111.0.5563.57/58) for Android, Stable channel 111.0.5563.64 for Windows & Mac, Beta channel 111.0.5563.64 for Windows, Mac & Linux, and Chrome Beta 111 (111.0.5563.58) for Android.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-03-05 or later address all of these issues.
SPIP has released security updates to address a Remote Code Execution (RCE) vulnerability. The affected versions are SPIP before 4.2.1.
CVE ID: CVE-2023-27372 (Critical)
A permission bypass vulnerability has been discovered in onStart of
BluetoothSwitchPreferenceController.java that can lead to remote escalation of privileges in
Bluetooth settings with no additional execution privileges needed. The affected products are
Android-11, Android-12, Android-12L, and Android-13.
CVE ID: CVE-2023-20946 (Critical)
IVM Development Group has released a security update to address multiple vulnerabilities in
pg_ivm module. The affected versions are pg_ivm prior to 1.5.1.
CVE ID: CVE-2023-22847 (Medium), CVE-2023-23554 (Medium)
WordPress has released security updates to resolve a reflected Cross-Site Scripting (XSS) vulnerability in the Watu Quiz plugin. The affected versions are Watu Quiz plugin versions up to and including 3.3.9.
CVE ID: CVE-2023-0968 (Medium)
WordPress has released security updates to resolve an unauthorized admin notice dismissal vulnerability in the WP Meteor Page Speed Optimization Topping plugin. The affected versions are WP Meteor Page Speed Optimization Topping plugin versions up to and including 3.1.4.
A buffer overflow vulnerability has been discovered in Tenda AC500. The affected version is
Tenda AC500 V2.0.1.9(1307).
CVE ID: CVE-2023-25234 (Critical)
A buffer overflow vulnerability has been discovered in Tenda AC500. The affected version is
Tenda AC500 V2.0.1.9(1307).
CVE ID: CVE-2023-25233 (Critical)
A buffer overflow vulnerability has been discovered in Tenda Router. The affected version is
Tenda Router W30E V1.0.1.25(633).
CVE ID: CVE-2023-25231 (Critical)
It has been discovered that Cerebrate does not properly consider organisation_id during creation of API keys. The affected version is Cerebrate 1.12.
CVE ID: CVE-2023-26468 (Critical)
A Remote code execution (RCE) vulnerability has been discovered in Clash for Windows, which can be exploited via overwriting the configuration file. The affected version is Clash for Windows v0.20.12.
CVE ID: CVE-2023-24205 (Critical)
An unauthenticated insecure deserialization vulnerability has been discovered in BuddyForms
WordPress plugin. The affected versions are BuddyForms WordPress plugin prior to 2.7.8.
CVE ID: CVE-2023-26326 (Critical)
A cleartext transmission of sensitive information vulnerability has been discovered in Curl that can cause HSTS functionality to fail when multiple URLs are requested serially. The affected versions are Curl prior to v7.88.0.
CVE ID: CVE-2023-23914 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel. The
affected products are Ubuntu 14.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.
JTEKT ELECTRONICS CORPORATION has released security updates to address out of bounds read and use after free vulnerabilities in Kostac PLC Programming Software. The affected versions are Kostac PLC Programming Software 1.6.9.0 and earlier.
CVE ID: CVE-2023-22419 (High), CVE-2023-22421 (High), CVE-2023-22424 (High)
SonicWall has released security updates to address stack-based buffer overflow and improper restriction of excessive MFA attempts vulnerabilities in SonicOS and SonicOS SSLVPN respectively.
CVE ID: CVE-2023-0656 (High), CVE-2023-1101 (Medium)
It has been discovered that Edgecross Basic Software for Windows contains multiple vulnerabilities that may cause a Denial of Service (DoS) condition.
CVE ID: CVE-2022-0778 (High), CVE-2022-29862 (High), CVE-2022-29864 (High)
Royal ransomware is using various TTPs for initial access, such as phishing emails, compromising RDP, and exploiting public-facing applications, and may leverage brokers to gain initial access and source traffic by harvesting Virtual Private Network (VPN) credentials from stealer logs. After gaining access, it exfiltrates data to a Command & Control (C2) server and then encrypts systems with its own custom-made file encryption program, which evolved from earlier iterations that used “Zeon” as a loader.
Baicells has released security updates to address a command injection vulnerability in its Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 equipment.
CVE ID: CVE-2023-0776 (Critical)
An improper access control vulnerability has been discovered in Rittal's CMC III equipment. Successful exploitation can allow opening of control cabinets secured with Rittal locks.
CVE ID: CVE-2022-40633 (Medium)
Medtronic has released a security update to address an unverified password change vulnerability in its Micros Clinician (A51200) app and InterStim X Clinician (A51300) app.
CVE ID: CVE-2023-25931 (Medium)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20011 (High), CVE-2023-20088 (Medium), CVE-2022-20952 (Medium)
WordPress has released security updates to resolve a reCaptcha bypass vulnerability in the Metform Elementor Contact Form Builder plugin. The affected versions are Metform Elementor Contact Form Builder plugin versions up to, and including, 3.2.1.
CVE ID: CVE-2023-0085 (Medium)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in the Cost Calculator plugin for WordPress. The affected versions are Cost Calculator plugin versions up to, and including, 1.8.
CVE ID: CVE-2023-1155 (Medium)
Google has released Chrome Beta 112 (112.0.5615.9) for iOS, Beta channel OS version: 15329.37.0, Browser version 111.0.5563.54 for most ChromeOS devices, Dev channel 112.0.5615.12 for Windows, Linux and Mac, and LTS 102.0.5005.197 (Platform Version: 14695.187.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0931 (High), CVE-2023-0128 (High), CVE-2022-4139 (High), CVE-2022-4378 (High), CVE-2022-45934 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available for some products.
A privilege elevation vulnerability has been discovered in ThingsBoard because hard-coded service credentials are stored in an insecure format. The affected version is ThingsBoard 3.4.1.
CVE ID: CVE-2023-26462 (Critical)
A Remote code execution (RCE) vulnerability via install.php has been discovered in typecho. The affected version is typecho 1.1/17.10.30.
CVE ID: CVE-2023-24114 (Critical)
Misskey has released a security update to address a SQL injection vulnerability in its products. The affected versions are Misskey prior to 13.3.3.
CVE ID: CVE-2023-24812 (Critical)
An access control vulnerability has been discovered in H3C A210-G that allows attackers to
authenticate without a password. The affected version is H3C A210-G A210-GV100R005.
CVE ID: CVE-2023-24093 (Critical)
Sequelize has released a security update to address a SQL injection vulnerability in it. The
affected versions are Sequelize prior to 6.19.1.
CVE ID: CVE-2023-25813 (Critical)
It has been discovered that MvcTools contains a code execution backdoor via the request package that allows access to sensitive user information and execution of arbitrary code. The affected version is MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737.
CVE ID: CVE-2023-24108 (Critical)
A path traversal vulnerability has been discovered in a GitHub repository. The affected versions are GitHub repository flatpressblog/flatpress prior to 1.3.
CVE ID: CVE-2023-0947 (Critical)
A SQL Injection vulnerability has been discovered in GeoTools when executing OGC Filters with JDBCDataStore implementations. Security updates and mitigations are available.
CVE ID: CVE-2023-25158 (Critical)
An information disclosure vulnerability due to plaintext storage of passwords has been discovered in Mitsubishi Electric's MELSEC iQ-F Series equipment, which can allow login to the FTP server or Web server by obtaining plaintext credentials stored in project files.
CVE ID: CVE-2023-0457 (High)
Baicells has released a security update to address an improper code exploitation vulnerability via HTTP GET command injection in Baicells EG7035-M11 devices. The affected versions are Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8.
CVE ID: CVE-2023-1097
NVIDIA has released security updates for NVIDIA CUDA Toolkit software that address vulnerabilities that can lead to Denial of Service (DoS) or information disclosure. All versions prior to 12.1 for Linux and Windows are affected.
CVE ID: CVE-2023-0193 (Medium), CVE-2023-0196 (Low)
Versionn has released a security update to address a command injection vulnerability. All versions of Versionn prior to 1.1.0 are affected.
CVE ID: CVE-2023-25805 (Critical)
An LDAP injection vulnerability has been discovered in LdapIdentityBackend for Apache Kerby. The affected versions are LdapIdentityBackend of Apache Kerby before 2.0.3.
CVE ID: CVE-2023-25613 (Critical)
A SQL Injection vulnerability has been discovered in SourceCodester Online Pizza Ordering System. The affected version is SourceCodester Online Pizza Ordering System 1.0.
CVE ID: CVE-2023-0910 (Critical)
A Missing Authentication vulnerability has been discovered in SourceCodester Online Pizza Ordering System. The affected version is SourceCodester Online Pizza Ordering System 1.0.
CVE ID: CVE-2023-0906 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Git and Firefox packages. The affected products are Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.
Multiple vulnerabilities have been discovered in the web-based management interface of Cisco IP Phones that can allow execution of arbitrary code or cause a Denial of Service (DoS) condition. The affected products are Cisco IP Phone 6800, 7800, 7900, & 8800 Series, Unified IP Phone 7900 Series, Unified IP Conference Phone 8831 and Unified IP Conference Phone 8831 with Multiplatform Firmware. Updates are available for some products.
CVE ID: CVE-2023-20078 (Critical), CVE-2023-20079 (High)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20104 (Medium), CVE-2023-20088 (Medium), CVE-2023-20061 (Medium), CVE-2023-20062 (Medium), CVE-2023-20069 (Medium)
WordPress has released security updates to resolve a Cross-Site Request Forgery (CSRF) vulnerability in the Maspik plugin. The affected versions are Maspik plugin versions up to and including 0.7.8.
CVE ID: CVE-2023-24008 (Medium)
WordPress has released security updates to resolve an unauthorized shortcode injection vulnerability in the WoodMart theme. The affected versions are WoodMart theme versions up to, and including, 7.1.1.
CVE ID: CVE-2023-25790 (Medium)
Dell has released security updates to address Apache Tomcat version disclosure & RabbitMQ version disclosure vulnerabilities in Dell NetWorker. The affected versions are Dell NetWorker, NVE 19.5 and earlier.
CVE ID: CVE-2023-25544 (High), CVE-2023-24567 (High)
Google has released Chrome 111 (111.0.5563.48/49) for Android, Chrome Beta 111 (111.0.5563.49) for Android, Stable channel 111.0.5563.50 for Windows and Mac, and Beta channel 111.0.5563.50 for Windows, Mac and Linux.
Huawei has released a security update to address an out-of-bounds write vulnerability in a Huawei sound box product that can cause buffer overflow. The affected version is FLMG-10 10.0.1.0(H100SP22C00).
CVE ID: CVE-2022-48330 (High)
The Trusted Computing Group (TCG) has released an update to address multiple buffer overflow vulnerabilities in the Trusted Platform Module (TPM) that allow either read-only access to sensitive data or overwriting of normally protected data. The affected version is the Trusted Platform Module (TPM) 2.0 reference library specification.
CVE ID: CVE-2023-1017, CVE-2023-1018
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve integer overflow and buffer out-of-bounds vulnerabilities in the syslog-ng package, which can cause Denial of Service (DoS) via crafted syslog input.
CVE ID: CVE-2022-38725 (High)
Mozilla has released a security update to address a use after free vulnerability in Firefox for Android 110.1.0. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-25747 (High)
Multiple Cross Site Scripting (XSS) vulnerabilities have been discovered in EC-CUBE that can cause execution of arbitrary scripts on the web browser. The affected products are EC-CUBE 4 series, EC-CUBE 3 series, and EC-CUBE 2 series. Security updates and workarounds are available.
CVE ID: CVE-2023-22438 (Medium), CVE-2023-25077 (Medium), CVE-2023-22838 (Medium)
An open redirect vulnerability has been discovered in the web2py admin development tool, by which a visitor may be redirected to an arbitrary website by accessing a specially crafted URL, resulting in a phishing attack. The affected versions are web2py prior to 2.23.1.
CVE ID: CVE-2023-22432 (Medium)
VMware has released a security update to address a passcode bypass vulnerability in VMware
Workspace ONE Content. All versions of VMware Workspace ONE Content running on Android are
affected whereas all versions of VMware Workspace ONE Content running on iOS are unaffected.
CVE ID: CVE-2023-20857 (Medium)
WordPress has released security updates to resolve a reflected Cross-Site Scripting (XSS) vulnerability in the GN Publisher plugin. The affected versions are GN Publisher plugin versions up to, and including, 1.5.5.
CVE ID: CVE-2023-1080 (Medium)
Dell has released security updates and workarounds to address multiple vulnerabilities in Dell PowerScale OneFS that can be exploited by malicious users to compromise the affected system.
An update package validation vulnerability has been discovered in Hitachi Energy's Relion 670, 650 and SAM600-IO Series products. Successful exploitation of this vulnerability can cause the IED to restart, causing a temporary Denial of Service (DoS).
CVE ID: CVE-2022-3864 (Medium)
A Hibernate query language (HQL) injection vulnerability has been discovered in Liima. The affected versions are Liima before 1.17.28.
CVE ID: CVE-2023-26093 (Critical)
A server-side template injection vulnerability has been discovered in TOTOLINK A720R. The affected version is TOTOLINK A720R V4.1.5cu.532_B20210610.
CVE ID: CVE-2023-23064 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Music Gallery Site. The affected version is SourceCodester Music Gallery Site 1.0.
CVE ID: CVE-2023-1054 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Music Gallery Site. The affected version is SourceCodester Music Gallery Site 1.0.
CVE ID: CVE-2023-1053 (Critical)
WordPress has released a security update to resolve a privilege escalation vulnerability in the Houzez theme. The affected versions are Houzez theme versions up to, and including, 2.7.1.
CVE ID: CVE-2023-26540 (Critical)
A server-side template injection vulnerability has been discovered in Liima. The affected versions are Liima before 1.17.28.
CVE ID: CVE-2023-26092 (Critical)
Ubuntu has released security updates to address several vulnerabilities in OpenJDK. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
CVE ID: CVE-2023-21830 (Medium), CVE-2023-21843 (Low), CVE-2023-21835 (Medium)
Red Hat has released security updates to address multiple vulnerabilities in service-binding-operator-bundle-container and service-binding-operator-container for OpenShift Developer Tools and Services for OCP 4.9.s.
Ubuntu has released security updates to address an integer overflow vulnerability in Apache Portable Runtime (APR) that can result in memory corruption. The affected products are Ubuntu 22.10, and Ubuntu 22.04 LTS.
CVE ID: CVE-2022-24963 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Online Graduate Tracer System. The affected version is SourceCodester Online Graduate Tracer System 1.0.
CVE ID: CVE-2023-1040 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Best POS Management System. The affected version is SourceCodester Best POS Management System 1.0.
CVE ID: CVE-2023-0946 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Music Gallery Site. The affected version is SourceCodester Music Gallery Site 1.0.
CVE ID: CVE-2023-0938 (Critical)
A vulnerability has been discovered in the ShopLentor WordPress plugin in which user input is unserialized, which can lead to PHP Object Injection. The affected versions are ShopLentor WordPress plugin before 2.5.4.
CVE ID: CVE-2023-0232 (Critical)
An Out-of-bounds Read vulnerability has been discovered in Gluster GlusterFS. The affected version is Gluster GlusterFS 11.0.
CVE ID: CVE-2023-26253 (Critical)
An unrestricted upload vulnerability has been discovered in codeprojects Pharmacy Management
System. The affected version is codeprojects Pharmacy Management System 1.0.
CVE ID: CVE-2023-0918 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
WordPress has released a security update to resolve a Cross-Site Request Forgery vulnerability in the Download Read More Excerpt Link plugin. The affected versions are Download Read More Excerpt Link plugin versions up to, and including, 1.6.0.
CVE ID: CVE-2023-1068 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that vulnerable TigerVNC versions are being used in B&R products. Successful exploitation of these vulnerabilities may allow an attacker to insert and run arbitrary code in an affected B&R product. Security updates are available for some products.
CVE ID: CVE-2019-15691 (High), CVE-2019-15692 (High), CVE-2019-15693 (High), CVE-2019-15694 (High), CVE-2019-15695 (High)
Debian has released security updates to resolve several vulnerabilities in the spip and python-werkzeug packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-23934 (Low), CVE-2023-25577 (High)
Debian has released security updates to resolve several vulnerabilities in the php7.3 and nodejs packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-31631 (Medium), CVE-2023-0567 (Medium), CVE-2023-0568 (Critical), CVE-2023-0662 (High), CVE-2022-43548 (High), CVE-2023-23920
GitLab has released Community Edition and Enterprise Edition version 15.9.1 to resolve a number of regressions and bugs in the 15.9 release and prior versions.
A command injection vulnerability has been discovered in TOTOlink. The affected version is TOTOlink A7100RU(V7.4cu.2313_B20191024).
CVE ID: CVE-2023-24238 (Critical)
A command injection vulnerability has been discovered in TOTOlink. The affected version is TOTOlink A7100RU(V7.4cu.2313_B20191024).
CVE ID: CVE-2023-24236 (Critical)
An improper attribute filtering vulnerability has been discovered in the Sequelize js library that can allow an attacker to perform SQL injections.
CVE ID: CVE-2023-22578 (Critical)
It has been discovered that in PHP the core path resolution function allocates a buffer one byte too small, which can lead to unauthorized data access or modification. The affected versions are PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3.
CVE ID: CVE-2023-0568 (Critical)
A vulnerability has been discovered in Netgear that can lead to command injection. The affected version is Netgear WNDR3700v2 1.0.1.14.
CVE ID: CVE-2023-0849 (Critical)
A remote code execution vulnerability has been discovered in Kardex Mlog. The affected version is Kardex Mlog MCC 5.7.12+0-a203c2a213-master.
CVE ID: CVE-2023-22855 (Critical)
It has been discovered that parameter manipulation on an unspecified end-point of Priority Web can allow authentication bypass. The affected version is Priority Web version 19.1.0.68.
CVE ID: CVE-2023-23460 (Critical)
WordPress has released a security update to resolve a Stored Cross-Site Scripting vulnerability in the All in One SEO Pack plugin. The affected versions are All in One SEO Pack plugin versions up to, and including, 4.2.9.
CVE ID: CVE-2023-0586 (Medium)
WordPress has released a security update to resolve a Stored Cross-Site Scripting vulnerability in the All in One SEO Pack plugin. The affected versions are All in One SEO Pack plugin versions up to, and including, 4.2.9.
CVE ID: CVE-2023-0585 (Medium)
WordPress has released a security update to resolve a Cross-Site Request Forgery vulnerability in the WP Meta SEO plugin. The affected versions are WP Meta SEO plugin versions up to, and including, 4.5.3.
CVE ID: CVE-2023-1029 (Medium)
WordPress has released a security update to resolve a Stored Cross-Site Scripting vulnerability in the Spotify Play Button for WordPress plugin. The affected versions are Spotify Play Button for WordPress plugin versions up to, and including, 2.05.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities such as Improper Validation of Array Index and Integer Overflow or Wraparound have been discovered in PTC's ThingWorx Edge equipment. Successful exploitation of these vulnerabilities can allow an attacker to crash the device or could allow remote code execution.
CVE ID: CVE-2023-0755 (Critical), CVE-2023-0754 (Critical)
HAProxy has released security updates to address a bypass of access control vulnerability in the HTTP header parsers. The affected versions are HAProxy before 2.7.3.
CVE ID: CVE-2023-25725 (Critical)
A vulnerability has been discovered in ConnectWise Control through 22.9.10032 that allows privilege escalation or execution of arbitrary commands.
CVE ID: CVE-2023-25718 (Critical)
An arbitrary file upload vulnerability has been discovered in Food Ordering System that allows attackers to execute arbitrary code via a crafted PHP file. The affected version is Food Ordering System v2.0.
CVE ID: CVE-2023-24646 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Ruckus Wireless Admin via an unauthenticated HTTP GET Request. The affected versions are Ruckus Wireless Admin through 10.4.
CVE ID: CVE-2023-25717 (Critical)
A command injection vulnerability has been discovered in a GitHub repository. The affected versions are GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE ID: CVE-2023-0789 (Critical)
A code injection vulnerability has been discovered in a GitHub repository. The affected versions are GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE ID: CVE-2023-0788 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel (AWS). The affected product is Ubuntu 16.04 ESM.
CVE ID: CVE-2023-0045 (Low), CVE-2023-23559 (High), CVE-2022-41858 (High), CVE-2021-4155 (Medium), CVE-2022-42895 (Medium), CVE-2022-20566 (High)
Google has released Stable channel 110.0.5481.181 (Platform version: 15278.72.0) for most ChromeOS devices, Beta channel 111.0.5563.41 for Windows, Mac and Linux, Chrome Dev 112 (112.0.5610.0) for Android and LTC-108, 108.0.5359.221 (Platform Version: 15183.8240) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0128 (High), CVE-2023-0129 (High), CVE-2022-4139 (High), CVE-2022-4378 (High), CVE-2022-45934 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available for some products.
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple ClamAV vulnerabilities allow remote attackers to execute arbitrary code or local users to obtain sensitive information via a susceptible version of Antivirus Essential, Synology Mail Server, and Synology MailPlus Server. Security updates are available for some products.
CVE ID: CVE-2023-20032 (Critical), CVE-2023-20052 (Medium)
Multiple Cross Site Scripting (XSS) vulnerabilities have been discovered in SHIRASAGI. The affected versions are SHIRASAGI v1.16.2 and earlier. A security update is available.
CVE ID: CVE-2023-22425 (Medium), CVE-2023-22427 (Medium)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel (HWE) and MariaDB. The affected products are Ubuntu 16.04 ESM, Ubuntu 22.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.
Dell has released a security update to address the OpenSSL vulnerability in Dell PowerVault ME5. The affected products are ME5012, ME5024, & ME5084 using versions before ME5.1.1.0.5.
CVE ID: CVE-2022-0778 (High)
Multiple vulnerabilities have been discovered in BIG-IP (all modules), F5OS, NGINX and several other products of F5.
CVE ID: CVE-2022-41622 (Medium), CVE-2022-36760 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A command injection vulnerability has been discovered in TOTOLINK CA300-PoE. The affected
version is TOTOLINK CA300-PoE V6.2c.884.
CVE ID: CVE-2023-24161 (Critical)
A command injection vulnerability has been discovered in TOTOLINK CA300-PoE. The affected
version is TOTOLINK CA300-PoE V6.2c.884.
CVE ID: CVE-2023-24160 (Critical)
A command injection vulnerability has been discovered in TOTOLINK CA300-PoE. The affected
version is TOTOLINK CA300-PoE V6.2c.884.
CVE ID: CVE-2023-24159 (Critical)
A Structured Exception Handler (SEH) based buffer overflow vulnerability has been discovered
in the cache validation service of COMOS which can allow arbitrary code execution and a
Denial of Service (DoS) condition. The affected versions are COMOS V10.2, COMOS V10.3.3.1,
COMOS V10.3.3.2, COMOS V10.3.3.3, COMOS V10.3.3.4, COMOS V10.4.0.0, COMOS V10.4.1.0,
COMOS V10.4.2.0.
CVE ID: CVE-2023-24482 (Critical)
A vulnerability has been discovered in Tenda AC23 that leads to out-of-bounds write. The
affected version is Tenda AC23 16.03.07.45.
CVE ID: CVE-2023-0782 (Critical)
A code injection vulnerability has been discovered in the GitHub repository pyload. The
affected versions are pyload prior to 0.5.0b3.dev31.
CVE ID: CVE-2023-0297 (Critical)
Google has released Chrome Beta 111 (111.0.5563.39) for iOS, Chrome Beta 111 (111.0.5563.38)
for
Android, Stable channel 109.0.5414.129 for Windows Server 2012 & Windows Server 2012 R2,
Chrome 110 (110.0.5481.153/.154) for Android, Stable channel 110.0.5481.177 for Mac and
Linux
and 110.0.5481.177/.178 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0941 (Critical), CVE-2023-0927 (High), CVE-2023-0928 (High),
CVE-2023-0929 (High), CVE-2023-0930 (High), CVE-2023-0931 (High), CVE-2023-0932 (High),
CVE-2023-0933 (Medium)
Zyxel has released security updates to address a security misconfiguration vulnerability in
4G
LTE indoor routers. The affected versions are 4G LTE indoor routers: LTE3202-M437
V1.00(ABWF.1)C0, and LTE3316-M604 V2.00(ABMP.6)C0.
CVE ID: CVE-2023-22920 (Critical)
Multiple Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been discovered in the
HP BIOS for certain HP PC products that may allow arbitrary code execution, Denial of Service
(DoS), and information disclosure.
CVE ID: CVE-2022-27539 (High), CVE-2022-27541 (High), CVE-2022-43777 (High),
CVE-2022-43778 (High)
A vulnerability in Hitachi's IEC 61850 Communication Stack has been discovered in ABB's
AC 800PEC and AC 800PEC-based products.
CVE ID: CVE-2022-3353 (Medium)
WordPress has released security updates to resolve a reflected Cross-Site Scripting (XSS)
vulnerability in Japanized For WooCommerce plugin. The affected products are Japanized For
WooCommerce plugin versions up to, and including 2.5.4.
CVE ID: CVE-2023-0942 (Medium)
Google has released Beta channel OS version: 15329.24.0 Browser version: 111.0.5563.31 for
most
ChromeOS devices, and Chrome Stable 110 (110.0.5481.114) for iOS.
Foxit has released updated Foxit PDF Reader 12.1.1 and Foxit PDF Editor 12.1.1 to resolve
multiple vulnerabilities in Foxit PDF Reader 12.1.0.15250 and earlier, and Foxit PDF
Editor 12.1.0.15250 and all previous 12.x versions, 11.2.4.53774 and all previous 11.x
versions, 10.1.10.37854 and earlier.
A vulnerability has been discovered in SAP BusinessObjects Business Intelligence Platform
that
can cause a high impact on confidentiality, integrity and availability of the application.
The
affected versions are SAP BusinessObjects Business Intelligence Platform (CMC) versions 420,
430.
CVE ID: CVE-2023-24530 (Critical)
An authentication bypass vulnerability has been discovered in DataHub. The affected versions
are
DataHub prior to 0.8.45.
CVE ID: CVE-2023-25562 (Critical)
It has been discovered that the DataHub proxy does not adequately construct the URL when
forwarding data to GMS, which allows requests from the DataHub Frontend to be rerouted to
arbitrary hosts.
CVE ID: CVE-2023-25557 (Critical)
Debian has released security updates to resolve multiple vulnerabilities in tiff, apr-util,
python-cryptography, and amanda packages. An attacker can exploit these vulnerabilities to
take
control of an affected system.
CVE ID: CVE-2022-25147 (Critical), CVE-2023-23931 (Medium),
CVE-2022-37704, CVE-2023-0795 (Medium), CVE-2023-0796 (Medium), CVE-2023-0797 (Medium),
CVE-2023-0798 (Medium), CVE-2023-0799 (Medium), CVE-2023-0800 (Medium),
CVE-2023-0801 (Medium),
CVE-2023-0802 (Medium), CVE-2023-0803 (Medium), CVE-2023-0804 (Medium).
VMware has released security updates to address XML External Entity (XXE), and injection
vulnerabilities in its products. An attacker can exploit these vulnerabilities to take
control
of an affected system.
CVE ID: CVE-2023-20858 (Critical), CVE-2023-20855 (High)
Multiple vulnerabilities have been discovered in Mitsubishi Electric's Equipment: MELSOFT iQ
AppPortal. The affected versions are MELSOFT iQ AppPortal SW1DND-IQAPL-M versions 1.00A to
1.29F.
CVE ID: CVE-2022-26377 (High), CVE-2022-31813 (Critical)
An Apache Commons FileUpload vulnerability has been discovered in Apache Tomcat that may allow
an attacker to trigger a DoS with a malicious upload or series of uploads.
CVE ID: CVE-2023-24998
Debian has released security updates to resolve multiple vulnerabilities in python-django,
clamav, and openssl packages. An attacker can exploit these vulnerabilities to take control
of
an affected system.
CVE ID: CVE-2023-24580, CVE-2023-20032 (Critical), CVE-2023-20052 (Medium),
CVE-2022-2097
(Medium), CVE-2022-4304, CVE-2022-4450 (High), CVE-2023-0215 (High), CVE-2023-0286
(Critical)
Debian has released security updates to resolve multiple vulnerabilities in thunderbird
packages. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-46871 (High), CVE-2022-46877 (Medium), CVE-2023-0430, CVE-2023-0616,
CVE-2023-0767, CVE-2023-23598, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603,
CVE-2023-23605,
CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735,
CVE-2023-25737,
CVE-2023-25739, CVE-2023-25742, CVE-2023-25744, CVE-2023-25746
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit
these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve multiple vulnerabilities in c-ares,
gnutls28,
and golang-github-opencontainers-selinux packages. An attacker can exploit these
vulnerabilities
to take control of an affected system.
CVE ID: CVE-2022-4904 (High), CVE-2019-16884 (High), CVE-2023-0361 (High)
Multiple vulnerabilities have been discovered in vSlider Multi Image Slider plugin, and WP
Coder
add custom html, css and js code plugin for WordPress. Security updates & patches are
available for WP Coder add custom html, css and js code plugin.
CVE ID: CVE-2023-0895 (High)
An Authentication Bypass vulnerability has been discovered in the GitHub repository modoboa.
Versions prior to 2.0.4 are affected by the flaw.
CVE ID: CVE-2023-0777 (Critical)
A stack overflow vulnerability has been discovered in D-Link N300 WI-FI Router. The affected
version is D-Link N300 WI-FI Router DIR-605L v2.13B01.
CVE ID: CVE-2023-24352 (Critical)
An Improper Access Control vulnerability has been discovered in the GitHub repository answer.
Versions prior to 1.0.4 are affected by the flaw.
CVE ID: CVE-2023-0744 (Critical)
Joomla has released a security update to resolve an incorrect access control vulnerability
in
Joomla CMS. The affected versions are Joomla CMS versions 4.0.0 to 4.2.7.
CVE ID: CVE-2023-23752 (Critical)
Multiple vulnerabilities have been discovered in several Fortinet products. Security updates
are
available.
CVE ID: CVE-2022-39952 (Critical), CVE-2021-42756 (Critical)
Multiple vulnerabilities such as Cross-Site Scripting (XSS), SQL injection, and authorization
bypass have been discovered in Delta Electronics equipment - DIAEnergie, which allow an
attacker to inject arbitrary code, retrieve and modify database contents, and execute system
commands. The affected DIAEnergie versions are versions prior to v1.9.01.002, versions prior
to v1.9.02.001 and versions prior to v1.9.03.001.
CVE ID: CVE-2022-41701 (High), CVE-2022-40965 (High), CVE-2022-41555 (High),
CVE-2022-41702 (High), CVE-2022-41651 (High), CVE-2022-40967 (High), CVE-2022-41133 (High),
CVE-2022-41773 (High), CVE-2022-41775 (High), CVE-2022-43447 (High), CVE-2022-43506 (High),
CVE-2022-43457 (High), CVE-2022-43452 (High), CVE-2023-0822
A Credentials Management Errors vulnerability has been discovered in BD's Equipment- Alaris
Infusion Central. The affected versions are Alaris Infusion Central software 1.1 to 1.3.2.
CVE ID: CVE-2022-47376 (High)
An Out-of-bounds Write vulnerability has been discovered in Sub-IoT project's Equipment- DASH 7
Alliance Protocol stack implementation. All versions of the Sub-IoT DASH 7 Alliance protocol
implementation prior to 0.5.0 are affected.
CVE ID: CVE-2023-0847 (Medium)
A SQL injection vulnerability has been discovered in the SourceCodester Medical Certificate
Generator App. The affected version is SourceCodester Medical Certificate Generator App 1.0.
CVE ID: CVE-2023-0774 (Critical)
A relative path traversal vulnerability has been discovered in Yugabyte Managed. The
affected
versions are Yugabyte Managed 2.0 through 2.13.
CVE ID: CVE-2023-0745 (Critical)
A SQL injection vulnerability has been discovered in glorylion JFinalOA. The affected
version is
glorylion JFinalOA 1.0.2.
CVE ID: CVE-2023-0758 (Critical)
A vulnerability has been discovered in WAGO Unmanaged Switch firmware version 01 that
allows an attacker to read system information and configure a limited set of parameters.
CVE ID: CVE-2022-3843 (Critical)
A stack overflow vulnerability has been discovered in D-Link N300 WI-FI Router. The affected
version is D-Link N300 WI-FI Router DIR-605L v2.13B01.
CVE ID: CVE-2023-24344 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
102.8.
An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-0616 (Low), CVE-2023-25728 (High), CVE-2023-25730 (High),
CVE-2023-0767
(High), CVE-2023-25735 (High), CVE-2023-25737 (High), CVE-2023-25738 (High), CVE-2023-25739
(High), CVE-2023-25729 (Medium), CVE-2023-25732 (Medium), CVE-2023-25734 (Medium),
CVE-2023-25742 (Low), CVE-2023-25746 (High)
ClamAV has released updated versions 0.103.8, 0.105.2 and 1.0.1 to address multiple
vulnerabilities in its products. ClamAV 0.104 has reached end-of-life according to the
ClamAV
End of Life (EOL) policy and will not be patched.
CVE ID: CVE-2023-20032 (Critical), CVE-2023-20052 (Medium)
A Cross Site Scripting (XSS) vulnerability has been discovered in the GitHub repository
answerdev/answer. The affected versions are answerdev/answer prior to 1.0.4.
CVE ID: CVE-2023-0740 (Critical)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can
exploit
these vulnerabilities to take control of an affected system. Updates are available for some
products.
CVE ID: CVE-2023-20032 (Critical), CVE-2023-20014 (High), CVE-2023-20009 (Medium),
CVE-2023-20075 (Medium), CVE-2023-20052 (Medium), CVE-2022-20952 (Medium), CVE-2023-20053
(Medium), CVE-2023-20085 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products.
The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04
ESM, and Ubuntu 14.04 ESM.
Juniper has released security updates to address Denial of Service (DoS) condition in
Juniper
Networks Junos OS on MX Series & SRX Series. The affected versions are Junos OS 20.4
versions prior to 20.4R3-S4, 21.1 versions prior to 21.1R3-S3, 21.2 versions prior to
21.2R3-S2,
21.3 versions prior to 21.3R3, 21.4 versions prior to 21.4R3 and 22.1 versions prior to
22.1R2
CVE ID: CVE-2023-22412 (High)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2023-25762 (High), CVE-2023-25761 (High), CVE-2023-25763 (High),
CVE-2023-25764 (High), CVE-2023-25765 (High), CVE-2023-25766 (High), CVE-2023-25767
(Medium),
CVE-2023-25768 (Medium), CVE-2023-23850 (Medium), CVE-2023-23847 (High), CVE-2023-23848
(High)
Google has released Stable channel 110.0.5481.112 (Platform version: 15278.64.0) for most
ChromeOS devices, and Chrome Dev 112 (112.0.5594.1) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit
these vulnerabilities to take control of an affected system. The updates are available.
A Cross Site Scripting (XSS) vulnerability has been discovered in the GitHub repository
answerdev/answer. The affected versions are answerdev/answer prior to 1.0.4.
CVE ID: CVE-2023-0742 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit
these vulnerabilities to take control of an affected system. The updates are available.
Privilege escalation and information disclosure vulnerabilities have been discovered in AMD
products. Mitigations are available.
CVE ID: CVE-2022-27677 (High), CVE-2022-27672 (Low)
Intel has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-41614 (Medium), CVE-2022-41314 (Medium), CVE-2021-33104 (Medium),
CVE-2022-38090 (Medium)
Multiple vulnerabilities have been discovered in several Hitachi Energy products. An
attacker
can exploit these vulnerabilities to take control of an affected system. The
workarounds/mitigations are available.
GitLab has released updated versions 15.8.2, 15.7.7 and 15.6.8 for GitLab Community Edition
(CE)
and Enterprise Edition (EE).
CVE ID: CVE-2023-23946 (Critical), CVE-2023-22490 (Critical)
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
A path traversal vulnerability has been discovered in Weintek's Equipment- EasyBuilder Pro.
The
affected versions are Weintek EasyBuilder Pro: v6.07.01 and prior, v6.07.02.479 and prior,
and
v6.08.01.349 and prior. The updates are available.
CVE ID: CVE-2023-0104 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability
in Windows iSCSI Discovery Service.
CVE ID: CVE-2023-21803 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability
in Microsoft's Protected Extensible Authentication Protocol (PEAP).
CVE ID: CVE-2023-21692 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability
in Microsoft's Protected Extensible Authentication Protocol (PEAP).
CVE ID: CVE-2023-21690 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability
in Microsoft's Protected Extensible Authentication Protocol (PEAP).
CVE ID: CVE-2023-21689 (Critical)
GNU C Library has released a security update to address a buffer overflow vulnerability in
Call
Graph Monitor component of GNU C Library. The affected version is GNU C Library 2.38.
CVE ID: CVE-2023-0687 (Critical)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has
released
security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2022-1292 (Critical), CVE-2023-24482 (Critical), CVE-2022-37885
(Critical),
CVE-2022-37886 (Critical), CVE-2022-37887 (Critical), CVE-2022-37888 (Critical),
CVE-2022-37889
(Critical), CVE-2022-37890 (Critical), CVE-2022-37891 (Critical)
WordPress has released a security update to resolve an Authenticated Arbitrary Post Access
vulnerability in Ocean Extra plugin. The affected products are Ocean Extra plugin versions
up
to, and including 2.1.2.
CVE ID: CVE-2023-0749 (Medium)
Adobe has released security updates to address multiple vulnerabilities in Adobe software.
An
attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released security updates to address multiple vulnerabilities in Citrix Workspace
Apps for Windows and Linux, Virtual Apps and Desktops. A local user could exploit these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-24486 (High), CVE-2023-24484 (High), CVE-2023-24485 (High),
CVE-2023-24483 (High)
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR
102.8
and Firefox 110. An attacker can exploit these vulnerabilities to take control of an
affected
system.
WordPress has released a security update to resolve a sensitive information disclosure
vulnerability in Profile Builder - User Profile & User Registration Forms plugin. The
affected versions are Profile Builder - User Profile & User Registration Forms plugin
versions up to, and including, 3.9.0.
CVE ID: CVE-2023-0814 (Medium)
SonicWall has released security updates to address a vulnerability in SonicWall Email
Security that allows access to an error page that includes sensitive information about users'
email addresses. The affected versions are Email Security 10.0.19.7431 and earlier versions.
CVE ID: CVE-2023-0655 (Medium)
SAP has released security updates to address several vulnerabilities affecting multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in Wired/Wireless LAN Pan/Tilt Network Camera
CS-WMV02G provided by PLANEX COMMUNICATIONS INC. All versions of Wired/Wireless LAN Pan/Tilt
Network Camera CS-WMV02G are affected.
CVE ID: CVE-2023-22370 (Medium), CVE-2023-22375 (Medium), CVE-2023-22376
(Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products.
The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04
LTS,
and Ubuntu 16.04 ESM.
WordPress has released a security update to resolve a stored Cross-Site Scripting (XSS)
vulnerability in Announce from the Dashboard plugin. The affected versions are Announce from
the
Dashboard plugin versions up to, and including, 1.5.1.
Apple has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-23529, CVE-2023-23514, CVE-2023-23522
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit
these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in Wireshark
package. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-4345 (Medium), CVE-2023-0411 (Medium), CVE-2023-0412 (Medium),
CVE-2023-0413 (Medium), CVE-2023-0415 (Medium), CVE-2023-0417 (Medium)
A SQL injection vulnerability has been discovered in the SourceCodester Canteen Management
System. The affected version is SourceCodester Canteen Management System 1.0.
CVE ID: CVE-2023-0679 (Critical)
vBulletin has released security updates to address an arbitrary code execution vulnerability
via a crafted HTTP request. The affected versions are vBulletin before 5.6.9 PL1.
CVE ID: CVE-2023-25135 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit
these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in the snort
package. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-3299 (Medium), CVE-2020-3315 (Medium), CVE-2021-1223 (High),
CVE-2021-1224 (Medium), CVE-2021-1236 (Medium), CVE-2021-1494, CVE-2021-1495 (Medium),
CVE-2021-34749 (High), CVE-2021-40114 (High)
A missing authentication for a critical function vulnerability has been discovered in the PC
Settings Tool Library contained in the PC Settings Tool. The affected versions are PC
Settings
Tool Library versions 10.1.26.0 & earlier and versions 11.0.22.0 & earlier.
CVE ID: CVE-2023-25011 (High)
Multiple vulnerabilities have been discovered in Link Juice Keeper plugin, Podlove Podcast
Publisher plugin, and Quick Paypal Payments plugin for WordPress. Security updates &
patches
are available.
Google has released dev channel 112.0.5582.0 for Windows, Linux and Mac, and Beta channel OS
version: 15329.13.0 Browser version: 111.0.5563.14 for most ChromeOS devices.
A SQL injection vulnerability has been discovered in Calendar Event Management System. The
affected version is Calendar Event Management System 2.3.0.
CVE ID: CVE-2023-0663 (Critical)
Barenboim json-parser has released a security update to address a buffer overflow
vulnerability in Barenboim json-parser master. The affected version is Barenboim json-parser
master v1.1.0.
CVE ID: CVE-2023-23088 (Critical)
An unauthenticated SQL injection vulnerability has been discovered in Easy Digital Downloads
WordPress Plugin. The affected versions are Easy Digital Downloads WordPress Plugin 3.1.0.2
and
3.1.0.3.
CVE ID: CVE-2023-23489 (Critical)
SolarView Compact has released security updates to address multiple vulnerabilities in it.
An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-29303 (High), CVE-2022-40881 (High), CVE-2023-23333 (High),
CVE-2022-29298 (Critical), CVE-2022-29302 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit
these vulnerabilities to take control of an affected system. The updates are available.
Zuken Elmic KASAGO has released a security update to address a vulnerability that can cause
hijacking of ongoing TCP sessions or spoofing of future TCP sessions. The affected products
are
KASAGO IPv6/v4 Dual, KASAGO IPv4, KASAGO IPv4 Light and KASAGO mobile IPv6 which are using
versions prior to Ver6.0.1.34.
CVE ID: CVE-2022-43501 (Medium)
Microsoft has released Microsoft Edge Stable Channel (Version 110.0.1587.41) to resolve
multiple
vulnerabilities.
CVE ID: CVE-2023-21794 (Medium), CVE-2023-23374 (High)
Johnson Controls has released security updates to resolve a Cross-Site Scripting (XSS)
vulnerability in its Equipment- System Configuration Tool (SCT) that can allow an attacker to
access cookies and take over the victim's session. The affected versions are all SCT version
14 prior to 14.2.3, and all SCT version 15 prior to 15.0.3.
CVE ID: CVE-2022-21939 (High), CVE-2022-21940 (High)
Horner Automation has released a security update to address multiple vulnerabilities in its
equipment- Cscape Envision RV. The affected product is Cscape Envision RV version 4.60.
CVE ID: CVE-2023-0621 (High), CVE-2023-0622 (High), CVE-2023-0623 (High)
WordPress has released a security update to resolve SQL injection vulnerability in My Sticky
Elements plugin. The affected products are My Sticky Elements plugin versions up to, and
including, 2.0.8.
CVE ID: CVE-2023-0487 (High)
WordPress has released a security update to resolve Cross-Site Request Forgery (CSRF)
vulnerability in ImageMagick Engine plugin. The affected products are ImageMagick Engine
plugin versions up to, and including 1.7.5.
CVE ID: CVE-2022-3568 (High)
Google has released Chrome 111 Beta channel (111.0.5563.19) for Windows, Mac and Linux,
Chrome
Dev 112 (112.0.5582.0) for Android, and Chrome Beta 111 (111.0.5563.15) for Android.
A vulnerability has been discovered in MojoJson that allows attackers to execute arbitrary
code
via the destroy function. The affected version is MojoJson v1.2.3.
CVE ID: CVE-2023-23087 (Critical)
A buffer overflow vulnerability has been discovered in MojoJson that allows an attacker to
execute arbitrary code via the SkipString function. The affected version is MojoJson v1.2.3.
CVE ID: CVE-2023-23086 (Critical)
A command injection vulnerability has been discovered in the function updateWifiInfo of
TOTOLINK Technology routers T8 V4.1.5cu that allows an attacker to execute arbitrary commands
via a crafted MQTT packet.
CVE ID: CVE-2023-24157 (Critical)
A command injection vulnerability has been discovered in the function recvSlaveUpgstatus of
TOTOLINK Technology routers T8 V4.1.5cu that allows an attacker to execute arbitrary commands
via a crafted MQTT packet.
CVE ID: CVE-2023-24156 (Critical)
A command injection vulnerability has been discovered via the slaveIpList parameter in the
function setUpgradeFW of TOTOLINK Technology routers T8 V4.1.5cu.
CVE ID: CVE-2023-24154 (Critical)
A buffer overflow vulnerability has been discovered in sprintf of GNU C Library (glibc). The
affected version is GNU C Library (glibc) 2.37.
CVE ID: CVE-2023-25139 (Critical)
OpenSSH has released a security update to address a double-free vulnerability in OpenSSH
server
(sshd) during options.kex_algorithms handling. The affected version is OpenSSH server (sshd)
9.1.
CVE ID: CVE-2023-25136 (Critical)
Jira Service Management Server and Data Center has released security updates to resolve an
authentication vulnerability, which allows an adversary to impersonate another user and gain
access to a Jira Service Management instance under certain circumstances.
CVE ID: CVE-2023-22501 (Critical)
A format string vulnerability has been discovered in iControl SOAP of BIG-IP that allows an
authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute
arbitrary code. The affected versions are BIG-IP 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and
13.1.5.
CVE ID: CVE-2023-22374 (Critical)
It has been discovered that an incorrect handling of '\0' bytes in file uploads in
ModSecurity
may allow Web Application Firewall bypasses and buffer over-reads on the Web Application
Firewall. The affected versions are ModSecurity before 2.9.7.
CVE ID: CVE-2023-24021 (Critical)
A capture-replay vulnerability has been discovered in SAP NetWeaver ABAP Server and ABAP
Platform that may allow illegitimate access to the system. The affected versions are SAP
NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730,
731,
740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89,
KRNL64UC
7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT.
CVE ID: CVE-2023-0014 (Critical)
It has been discovered that Zoho ManageEngine on-premise products which use Apache xmlsec
1.4.1 are vulnerable to Remote Code Execution (RCE).
CVE ID: CVE-2022-47966 (Critical)
Multiple Git vulnerabilities have been discovered in Jenkins Docker images. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-23521 (Critical), CVE-2022-41903 (Critical)
Control By Web has released security updates to address Cross-Site Scripting (XSS), and code
injection vulnerabilities in its Web X-400 & Web X-600M. The affected products are Web
X-400
prior to 2.8, and Web X-600M prior to 1.16.00.
CVE ID: CVE-2023-23553 (Medium), CVE-2023-23551 (Critical)
Multiple vulnerabilities have been discovered in LS ELECTRIC's Equipment- XBC-DN32U. The
affected version is XBC-DN32U: Operating System version 01.80.
CVE ID: CVE-2023-22803 (High), CVE-2023-22804 (Critical), CVE-2023-22805 (Medium),
CVE-2023-22806 (High), CVE-2023-22807 (Critical), CVE-2023-0102 (Critical), CVE-2023-0103
(High)
Trend Micro has released security updates to address multiple vulnerabilities in Trend Micro
Worry-Free Business Security and Worry-Free Business Security Services (SaaS). The affected
versions are Worry-Free Business Security (WFBS) 10.0 SP1, and Worry-Free Business Security
Services (WFBSS) SaaS.
CVE ID: CVE-2022-44649 (High), CVE-2022-44650 (High), CVE-2022-44654 (Medium),
CVE-2022-45798 (High)
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2023-02-05 or later address all of these
issues.
Dahua has released security updates to address an unauthorized device timestamp modification
vulnerability in Dahua embedded products that allows modification of the device system time
by sending a specially crafted packet to the vulnerable interface.
CVE ID: CVE-2022-30564 (Medium)
Ubuntu has released security updates to resolve Denial of Service (DoS) vulnerability in
Heimdal
GSSAPI package. The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04
ESM,
and Ubuntu 14.04 ESM.
CVE ID: CVE-2022-45142
An OS Command injection vulnerability has been discovered in Support Center Plus 11 via
Executor
in Action when creating new schedules.
CVE ID: CVE-2023-23076 (Critical)
A deserialization of untrusted data vulnerability has been discovered in Apache Software
Foundation Apache InLong. The affected versions are Apache InLong 1.1.0 through 1.5.0.
CVE ID: CVE-2023-24997 (Critical)
It has been discovered that URI validation on dompdf can be bypassed on SVG parsing. The
affected version is dompdf 2.0.1.
CVE ID: CVE-2023-23924 (Critical)
It has been discovered that an SSRF vulnerability can occur because of a lack of input
validation in Lexmark products. The affected versions are Lexmark products through 2023-01-12.
CVE ID: CVE-2023-23560 (Critical)
Debian has released security updates to resolve several vulnerabilities in the shim and
heimdal
package. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-45142
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available
for some products.
Huawei has released a security update to address an identity authentication bypass
vulnerability
in Huawei Children Smart Watch (Simba-AL00). The affected version is Simba-AL00 1.1.1.274.
CVE ID: CVE-2022-48305 (Medium)
Google has released Chrome 110 (110.0.5481.63/.64) & Chrome Dev 111 (111.0.5563.15) for
Android, Chrome Stable 110 (110.0.5481.83) for iOS and Chrome 110.0.5481.77/.78 for Windows,
110.0.5481.77 for Mac and Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0696 (High), CVE-2023-0697 (High), CVE-2023-0698 (High),
CVE-2023-0699
(Medium), CVE-2023-0700 (Medium), CVE-2023-0701 (Medium), CVE-2023-0702 (Medium),
CVE-2023-0703
(Medium), CVE-2023-0704 (Low), CVE-2023-0705 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit
these vulnerabilities to take control of an affected system. The updates are available.
EnOcean Edge Inc. has released a security update to address a use of hard-coded credentials
vulnerability in its SmartServer with i.LON Vision equipment. The affected version is
EnOcean
SmartServer v2.2 SR8/SP8 (4.12.006) with i.LON Vision v2.2 SR8/SP8 (4.12.006).
CVE ID: CVE-2022-3089 (Medium)
A file upload vulnerability has been discovered in Trend Micro Apex One, which allows an
attacker to upload arbitrary files to the SampleSubmission directory on the server. The
affected version is Trend Micro Apex One server build 11110.
CVE ID: CVE-2023-0587 (Critical)
An unauthenticated SQL Injection vulnerability has been discovered in Serenissima
Informatica
Fast Checkin. The affected version is Serenissima Informatica Fast Checkin version v1.0.
CVE ID: CVE-2022-47770 (Critical)
An arbitrary file write vulnerability has been discovered in Serenissima Informatica Fast
Checkin. The affected version is Serenissima Informatica Fast Checkin version v1.0.
CVE ID: CVE-2022-47769 (Critical)
Zyxel has released security updates to address multiple vulnerabilities in its products.
CVE ID: CVE-2022-45854 (Low), CVE-2022-38547 (High), CVE-2022-45441 (High)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-4728 (Medium), CVE-2022-4729 (Medium), CVE-2022-4730 (Medium), CVE-2022-21619 (Low), CVE-2022-21624 (Low), CVE-2022-21626 (Medium), CVE-2022-21628 (Medium), CVE-2022-39399 (Low), CVE-2023-21835 (Medium), CVE-2023-21843 (Low), CVE-2022-42826, CVE-2023-23517 (High), CVE-2023-23518 (High)
It has been discovered that Ichiran App is vulnerable to improper server certificate verification, which allows a man-in-the-middle (MITM) attacker to eavesdrop on encrypted communication. The affected products are Ichiran App for iOS versions prior to 3.1.0, and Ichiran App for Android versions prior to 3.1.0.
CVE ID: CVE-2023-22367 (Medium)
Google has released Beta channel OS version 15278.51.0 (Browser version 110.0.5464.81) for most ChromeOS devices, Chrome Beta 110 (110.0.5481.64) for Android and LTS channel 102.0.5005.196 (Platform Version: 14695.1782.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0129 (High), CVE-2023-0471 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
An arbitrary file upload vulnerability has been discovered in taocms that allows attackers to execute arbitrary code via a crafted PHP file. The affected version is taocms v3.0.2.
CVE ID: CVE-2022-48006 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Delta Electronics has released a security update to address multiple vulnerabilities in its DIAScreen equipment. Successful exploitation of these vulnerabilities can allow remote code execution. The affected versions are DIAScreen 1.2.1.23 and prior.
CVE ID: CVE-2023-0250 (High), CVE-2023-0251 (High), CVE-2023-0249 (High)
Delta Electronics has released a security update to address an OS Command Injection vulnerability in its DVW-W02W2-E2 equipment. The affected version is DVW-W02W2-E2 2.42.
CVE ID: CVE-2022-42139 (Critical)
Delta Electronics has released a security update to address OS Command Injection and Cross-site Scripting vulnerabilities in its DX-2100-L1-CN equipment. The affected version is DX-2100-L1-CN 1.5.0.10.
CVE ID: CVE-2023-0432 (Critical), CVE-2022-42140 (High)
Baicells Technologies has released a security update to address a Command Injection vulnerability in its Nova equipment. The affected versions are Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB devices and Nova 246 with firmware through RTS/RTD 3.6.6.
CVE ID: CVE-2023-24508 (Critical)
VMware has released a security update to address an arbitrary file deletion vulnerability in VMware Workstation. A malicious actor with local user privileges on the victim's machine can exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.
CVE ID: CVE-2023-20854 (High)
Multiple vulnerabilities have been discovered in Metform Elementor Contact Form Builder plugin, Cost Calculator plugin, and Real Media Library: Media Library Folder & File Manager plugin for WordPress. The security patches are available for Metform Elementor Contact Form Builder plugin, and Real Media Library: Media Library Folder & File Manager plugin.
CVE ID: CVE-2023-0253 (Medium), CVE-2023-0084 (High)
Dell has released security updates to address multiple vulnerabilities in Dell PowerStore Family, Dell PowerFlex Rack, Dell Avamar Server and Avamar Virtual Edition, and Dell NetWorker. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-42252 (High), CVE-2021-46827 (Medium), CVE-2022-29901 (Medium), CVE-2022-28693, CVE-2022-31681 (Medium), CVE-2022-31696 (High), CVE-2022-31705 (High)
Google has released dev channel 111.0.5563.8 for Windows, Linux and Mac, Chrome Beta 111 (111.0.5563.8) for iOS, and Chrome Dev 111 (111.0.5563.8) for Android.
Mitsubishi Electric has released security updates to resolve multiple vulnerabilities in GOT2000 Series and GT SoftGOT2000. The affected versions are GOT2000 Series: GT27 model 01.14.000 to 01.47.000, GT25 model 01.14.000 to 01.47.000, and GT SoftGOT2000: 1.265B to 1.285X.
CVE ID: CVE-2022-40268 (Medium), CVE-2022-40269 (Medium)
Moxa has released security updates to resolve multiple vulnerabilities in Moxa SDS-3008 Series. The affected versions are SDS-3008 Series Firmware 2.1 or lower.
CVE ID: CVE-2022-40693 (Medium), CVE-2022-40224, CVE-2022-41311, CVE-2022-41312, CVE-2022-41313 (Medium), CVE-2022-40691 (Medium)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20076 (High), CVE-2023-20073 (Medium), CVE-2023-20030 (Medium), CVE-2023-20068 (Medium), CVE-2023-20021 (Medium), CVE-2023-20022 (Medium), CVE-2023-20023 (Medium)
A Cross-Site Request Forgery vulnerability has been discovered in the login form of Pulse Connect Secure. The affected versions are Pulse Connect Secure 9.1R12 and below.
Google has released Stable channel 110.0.5481.77 for Windows and Mac, Chrome 110 (110.0.5481.61) for Android, Beta channel 110.0.5481.77 for Windows, Mac and Linux, and Chrome Beta 110 (110.0.5481.61) for Android.
Debian has released security updates to address a Denial of Service (DoS) vulnerability in python-django packages. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-23969
Huawei has released security updates to address multiple vulnerabilities in Huawei whole-home intelligence software. Successful exploitation can allow attackers to access restricted functions.
CVE ID: CVE-2022-48283 (High), CVE-2022-48284 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A protection bypass vulnerability has been discovered in Advanced Installer, a third-party component used by Data Loss Prevention (DLP) for Windows. The affected versions are DLP 11.9.x and earlier.
CVE ID: CVE-2023-0400 (Medium)
GitLab has released updated versions 15.8.1, 15.7.6, and 15.6.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2022-3411 (Medium), CVE-2022-4138 (Medium), CVE-2022-3759 (Medium), CVE-2023-0518 (Medium)
It has been discovered that FUJIFILM Business Innovation Corp.'s Driver Distributor contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. The affected versions are Driver Distributor v2.2.3.1 and earlier.
CVE ID: CVE-2022-43460 (Medium)
Multiple vulnerabilities, such as Stack-based Buffer Overflow and Out-of-bounds Write, have been discovered in Delta Electronics' DOPSoft equipment. Affected versions are DOPSoft 4.00.16.22 and prior. Delta Electronics recommends that users use DIAScreen instead of DOPSoft.
CVE ID: CVE-2023-0123 (High), CVE-2023-0124 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 18.04 LTS.
VMware has released a security update to address a CSRF bypass vulnerability in VMware vRealize Operations (vROps). A malicious user can execute actions on the platform on behalf of the authenticated victim user.
CVE ID: CVE-2023-20856 (Medium)
Unauthenticated Stored Cross-Site Scripting and Missing Authorization to Settings Update vulnerabilities have been discovered in Beautiful Cookie Consent Banner plugin for WordPress. The security patches are available.
Dell has released security updates to address multiple vulnerabilities in Dell PowerScale OneFS that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2023-22575 (High), CVE-2023-22574 (High), CVE-2023-22573 (High), CVE-2023-22572 (High)
Google has released Beta channel OS version 15278.47.0 (Browser version 110.0.5464.58) for most ChromeOS devices, and LTC-108, 108.0.5359.219 (Platform Version: 15183.82.0) for most ChromeOS devices.
CVE ID: CVE-2023-0471 (High), CVE-2023-0472 (High), CVE-2023-0473 (Medium), CVE-2023-0474 (Medium)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Interactive Geo Maps plugin, RankMath SEO plugin, WP Email Capture plugin, and PrivateContent plugin for WordPress. The security patches are available.
CVE ID: CVE-2023-0581 (Medium)
Dell has released security updates to address multiple vulnerabilities in Dell PowerFlex Appliance, Dell PowerFlex Rack, Dell Unity, Dell UnityVSA, and Dell Unity XT. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address several vulnerabilities in Linux kernel (Raspberry Pi) and Sudo. The affected products are Ubuntu 22.10, and Ubuntu 14.04 ESM.
CVE ID: CVE-2023-22809 (High), CVE-2022-4378 (High), CVE-2022-42896 (High), CVE-2022-3643 (Critical), CVE-2022-45934 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to address multiple vulnerabilities in sofia-sip & libzen packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-22741 (Critical), CVE-2020-36646 (High)
Multiple vulnerabilities have been discovered in various WordPress plugins. The security patches are available.
CVE ID: CVE-2023-0557 (High), CVE-2023-0555 (High), CVE-2023-0554 (High), CVE-2023-0558 (High), CVE-2023-0553 (Medium), CVE-2023-0550 (High)
Google has released dev channel 111.0.5562.0 for Windows, Linux and Mac, and Stable channel 109.0.5414.125 (Platform version: 15236.80.0) for most ChromeOS devices.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Delta Electronics has released a security update to address a Stack-based Buffer Overflow vulnerability in its CNCSoft equipment. The affected versions are CNCSoft: all versions prior to v1.01.34, and Running ScreenEditor: all versions 1.01.5 and prior.
CVE ID: CVE-2022-4634 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 109.0.1518.70) and Microsoft Edge Extended Stable Channel (Version 108.0.1462.95) to resolve multiple vulnerabilities.
Google has released Chrome Dev 111 (111.0.5557.0) for Android, Dev channel updated to OS version 15324.0.0 & Browser version 111.0.5550.0 for most ChromeOS devices, Chrome Beta 110 (110.0.5481.52) for iOS, Chrome Beta 110 (110.0.5481.50) for Android and Chrome 110.0.5481.52 for Windows, Mac and Linux.
Mitsubishi Electric has released security updates to resolve a vulnerability in the Pseudo-Random Number Generator (PRNG) affecting MELSEC iQ-F and iQ-R Series products.
CVE ID: CVE-2022-40267
Landis+Gyr has released a security update to resolve a vulnerability that may cause a Denial of Service (DoS) condition in all versions of the E850 (ZMQ200) product.
CVE ID: CVE-2022-3083
Rockwell Automation has released security updates to resolve multiple vulnerabilities in several products using GoAhead Web Server.
CVE ID: CVE-2019-5096, CVE-2019-5097
Mitsubishi Electric has released security updates to resolve a vulnerability that may allow an attacker to gain unauthorized access to a robot controller in MELFA SD/SQ series and F-series Robot Controllers.
CVE ID: CVE-2022-33323
Sierra Wireless has released security updates to resolve multiple vulnerabilities in AirLink Router with ALEOS Software. The affected products are Airlink Router (ES450, GX450) running ALEOS software versions 4.9.7 and prior and Airlink Router (MP70, RV50, RV50x, RV55, LX 40, LX60) running ALEOS software versions prior to 4.16.0.
CVE ID: CVE-2022-46649, CVE-2022-46650
Snap One has released a security update to resolve multiple vulnerabilities in Wattbox WB-300-IP-3 equipment. The affected products are Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior.
CVE ID: CVE-2023-24020, CVE-2023-23582, CVE-2023-22389, CVE-2023-22315
Improper access control and use of weak hash vulnerabilities have been discovered in all versions of Econolite's EOS equipment. The mitigations are available.
CVE ID: CVE-2023-0451, CVE-2023-0452
CODESYS has released security updates to address an Improper Validation of Consistency within Input vulnerability in CODESYS Control V3 communication server. An authenticated attacker can send a manipulated packet to the PLC and configure an invalid node name to block consecutive logins by node name over the CODESYS communication protocol.
CVE ID: CVE-2022-22508 (Medium)
ISC has released security updates to address vulnerabilities affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. A remote attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-3094 (High), CVE-2022-3488 (High), CVE-2022-3736 (High), CVE-2022-3924 (High)
NVIDIA has released security updates to resolve a vulnerability in NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, and Jetson AGX Orin series in the NVIDIA JetPack software development kit (SDK) that can lead to escalation of privileges, compromised data integrity and confidentiality, and denial of service.
CVE ID: CVE-2022-42270 (High)
An improper restriction of XML external entity reference (XXE) vulnerability has been discovered in OMRON CX-Motion Pro. The affected versions are OMRON CX-Motion Pro 1.4.6.013 and earlier.
CVE ID: CVE-2023-22322 (Medium)
A directory traversal vulnerability has been discovered in pgAdmin 4. The affected versions are pgAdmin 4 versions prior to v6.19.
CVE ID: CVE-2023-0241 (Low)
A Cross-Site Scripting (XSS) vulnerability has been discovered in EasyMail. The affected versions are EasyMail 2.00.130 and earlier.
CVE ID: CVE-2023-22333 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Google has released Beta channel OS version 15278.41.0 (Browser version 110.0.5464.46) for most ChromeOS devices, Extended Stable channel 108.0.5359.215 for Windows and Mac, Dev channel OS version 15320.0.0 (Browser version 111.0.5544.0) for most ChromeOS devices, Chrome 109 (109.0.5414.117/.118) for Android, Chrome Stable 109 (109.0.5414.112) for iOS and Stable channel 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0471 (High), CVE-2023-0472 (High), CVE-2023-0473 (Medium), CVE-2023-0474 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities, such as relative path traversal and uncontrolled search path element, have been discovered in XINJE's XINJE XD Programming Tool equipment that allow an attacker to write arbitrary project files to a Programmable Logic Controller (PLC) and gain code execution privileges. The affected versions are XINJE XD 3.5.1 and prior.
CVE ID: CVE-2021-34605 (High), CVE-2021-34606 (High)
A weak encoding for password vulnerability has been discovered in SOCOMEC's MODULYS GP equipment. Successful exploitation can allow an attacker to obtain sensitive information on the target system. The affected version is SOCOMEC MODULYS GP Netvision v7.20.
CVE ID: CVE-2023-0356 (Medium)
Ubuntu has released security updates to address a vulnerability in Exuberant ctags that leads to arbitrary command execution. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
CVE ID: CVE-2022-4515 (High)
Multiple vulnerabilities have been discovered in Material Design Icons for Page Builders Plugin, Ultimate Addons for Beaver Builder plugin, Stripe Payments For WooCommerce plugin, Customer Reviews for WooCommerce plugin, decode-uri-component plugin, and Parsi Date plugin for WordPress. The security patches are available.
CVE ID: CVE-2023-0080 (High), CVE-2022-38900 (High)
An information disclosure vulnerability has been discovered in the watchdog function of Pgpool-II. The affected versions are 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), all versions of the 3.7 series, all versions of the 3.6 series, all versions of the 3.5 series, all versions of the 3.4 series, and all versions of the 3.3 series.
CVE ID: CVE-2023-22332 (Medium)
Apple has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-23496, CVE-2023-23518, CVE-2023-23517, CVE-2022-42856, CVE-2023-23499, CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35260, CVE-2022-35252, CVE-2023-23513, CVE-2023-23493, CVE-2022-32915, CVE-2023-23507, CVE-2023-23504, CVE-2023-23502, CVE-2023-23497, CVE-2023-23505, CVE-2023-23511, CVE-2023-23508
Debian has released security updates to resolve multiple vulnerabilities in trafficserver. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-37150 (High), CVE-2022-25763 (High), CVE-2022-28129 (High), CVE-2022-31780 (High)
An SQL injection vulnerability has been discovered in CONPROSYS HMI System (CHS) Web HMI/SCADA software. The affected versions are CONPROSYS HMI System Ver.3.5.0 and earlier.
CVE ID: CVE-2023-22324 (Medium)
Multiple Cross-Site Request Forgery vulnerabilities have been discovered in My Calendar plugin, and Pods plugin for WordPress. The affected versions are My Calendar plugin versions up to, and including, 3.4.3, and Pods plugin versions up to, and including, 2.9.10.2. The security patches are available.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in Tag Image File Format (TIFF) that lead to denial of service (DoS) and possibly local code execution. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-1354 (Medium), CVE-2022-1355 (Medium), CVE-2022-2056 (Medium), CVE-2022-2057 (Medium), CVE-2022-2058 (Medium), CVE-2022-2867 (Medium), CVE-2022-2868 (Medium), CVE-2022-2869 (Medium), CVE-2022-3570 (Medium), CVE-2022-3597 (Medium), CVE-2022-3598 (Medium), CVE-2022-3599 (Medium), CVE-2022-3626 (Medium), CVE-2022-3627 (Medium), CVE-2022-3970 (High), CVE-2022-34526 (Medium)
SonicWall has released a security update to address a pre-authentication path traversal vulnerability in SMA1000 firmware, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. The affected version is SMA1000 firmware 12.4.2.
CVE ID: CVE-2023-0126 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 20.04 LTS, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
Google has released Beta channel OS version 15278.36.0 (Browser version 110.0.5464.41) for most ChromeOS devices, dev channel 111.0.5545.3 for Windows, Mac and 111.0.5545.6 for Linux, and Chrome Dev 111 (111.0.5544.3) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in WP Helper Premium plugin, GiveWP plugin, WP eBay Product Feeds plugin, Interactive Polish Map plugin, and Contact Form 7 Dynamic Text Extension plugin for WordPress. The security patches are available.
CVE ID: CVE-2022-4448 (Medium)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 102.7. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-46871 (High), CVE-2023-23598 (High), CVE-2023-23599 (Medium), CVE-2023-23601 (Medium), CVE-2023-23602 (Medium), CVE-2023-23603 (Low), CVE-2022-46877 (Low), CVE-2023-23605 (High)
Multiple vulnerabilities have been discovered in several plugins for WordPress. The security patches are available.
CVE ID: CVE-2023-0385 (Medium), CVE-2023-0333 (Medium)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20010 (High), CVE-2023-20057 (Medium)
Wireshark has released security updates to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Huawei has released security updates to address system command injection, misinterpretation of input, and insufficient authentication vulnerabilities in its products.
CVE ID: CVE-2022-48255 (Critical), CVE-2022-48230 (High), CVE-2022-48254 (Medium)
Stack-based buffer overflow and authentication bypass vulnerabilities have been discovered in Netcomm routers. The affected versions are Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035.
CVE ID: CVE-2022-4873, CVE-2022-4874
Side-channel attack and buffer overflow vulnerabilities have been discovered in TP-Link routers. The affected versions are TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01.
CVE ID: CVE-2022-4498, CVE-2022-4499
GE Digital has released security updates to address multiple vulnerabilities in its Proficy Historian equipment. Successful exploitation of these vulnerabilities can crash the device after access, cause a buffer overflow condition, and allow remote code execution. The affected versions are Proficy Historian v7.0 and higher versions.
CVE ID: CVE-2022-46732 (Critical), CVE-2022-46660 (High), CVE-2022-43494 (High), CVE-2022-46331 (High), CVE-2022-38469 (High)
Oracle has released its critical patch update for January 2023 to address 327 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
GitLab has released updated versions 15.7.5, 15.6.6, and 15.5.9 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2022-41903 (Critical), CVE-2022-23521 (Critical)
An authorization bypass vulnerability has been discovered in the WEB server function of Mitsubishi Electric's MELSEC iQ-F/iQ-R Series. An unauthenticated remote attacker can access the WEB server function by guessing the random numbers used for authentication from several previously used random numbers. Security updates are available for MELSEC iQ-F Series.
CVE ID: CVE-2022-40267 (Medium)
Zyxel has released a security update to address cleartext storage of WiFi credentials and improper FTP symbolic links vulnerabilities in AX7501-B0 CPE.
CVE ID: CVE-2022-45439, CVE-2022-45440 (Medium)
Batloader malware arrives via malicious websites that impersonate legitimate software or applications. Victims can be redirected to these websites via malvertising techniques and fake comments on forums containing links that lead to Batloader distribution websites. Based on investigation by researchers, it has been determined that Batloader impersonates a slew of legitimate software and application websites in its campaign.
Collne Inc. has released security updates to address a directory traversal vulnerability in Welcart e-Commerce. The affected versions are Welcart e-Commerce 2.6.0 to 2.8.5.
CVE ID: CVE-2022-4140 (High)
Dell has released security updates to address Certificate Revocation and Client Desync Attack vulnerabilities in Dell Cloud Mobility and Dell PowerVault ME5 respectively. The affected products are Cloud Mobility for Dell Storage versions 1.3.3.X and earlier, Dell PowerVault ME5012 versions before ME5.1.1.0.5, Dell PowerVault ME5024 versions before ME5.1.1.0.5, and Dell PowerVault ME5084 versions before ME5.1.1.0.5.
CVE ID: CVE-2023-23691 (High), CVE-2023-23690 (High)
Apache has released a security update to address multiple vulnerabilities in Apache HTTP Server. The affected versions are Apache HTTP Server 2.4.54 and earlier.
CVE ID: CVE-2006-20001, CVE-2022-36760, CVE-2022-37436
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 102.7 and Firefox 109. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-46871 (High), CVE-2023-23598 (High), CVE-2023-23599 (Medium), CVE-2023-23601 (Medium), CVE-2023-23602 (Medium), CVE-2023-23603 (Low), CVE-2022-46877 (Low), CVE-2023-23605 (High), CVE-2023-23597 (High), CVE-2023-23600 (Medium), CVE-2023-23604 (Low), CVE-2023-23606 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Skyhigh has released security updates to address a Cross-site Scripting vulnerability in Secure Web Gateway (SWG). The affected versions are SWG 12.0.0 and earlier, SWG 11.2.5 and earlier, and SWG 10.2.16 and earlier.
CVE ID: CVE-2023-0214 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in node-minimatch, and net-snmp. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-3517 (High), CVE-2022-44792 (Medium), CVE-2022-44793 (Medium)
Multiple vulnerabilities have been discovered in Freesoul Deactivate Plugins, Custom 404 Pro plugin, and Launchpad plugin for WordPress. The affected versions are Freesoul Deactivate Plugins 1.9.4.0 and below, Custom 404 Pro plugin 3.7.0 and below, and Launchpad plugin 1.0.13 and below. Security patches are available for Freesoul Deactivate Plugins, and Custom 404 Pro plugin.
Google has released Stable channel 109.0.5414.94 (Platform version: 15236.66.0) for most ChromeOS devices.
CVE ID: CVE-2023-0128 (High), CVE-2023-0137 (Medium)
ASUS has released security updates to address multiple vulnerabilities in ASUS ASMB9-iKVM and ASMB10-iKVM.
CVE ID: CVE-2022-40259 (Critical), CVE-2022-40242 (Critical), CVE-2022-2827 (High)
Ubuntu has released security updates to address multiple vulnerabilities in Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected system. The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, Ubuntu 22.10, and Ubuntu 22.04 LTS.
CVE ID: CVE-2022-42896 (High), CVE-2022-43945 (High), CVE-2022-45934 (High), CVE-2022-3643 (Critical), CVE-2022-4378 (High)
A vulnerability has been discovered in the web-based management (WBM) of WAGOs programmable
logic controller (PLC) that can allow an unauthenticated remote attacker to retrieve
sensitive
information.
CVE ID: CVE-2022-3738 (Medium)
Multiple potential product security bypass vulnerabilities have been discovered in McAfee
Application and Change Control (ACC). The affected versions are ACC prior to version 8.3.4.
It
is recommended to install or update to ACC 8.3.4.
CVE ID: CVE-2021-31833 (High), CVE-2023-0221 (Medium)
Multiple vulnerabilities have been discovered in PIX-RT100. The affected versions are
PIX-RT100
versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101. Updates are available.
CVE ID: CVE-2023-22304 (High), CVE-2023-22316 (High)
Multiple vulnerabilities have been discovered in RONDS' equipment- Equipment Predictive
Maintenance (EPM). Successful exploitation of these vulnerabilities can allow an
unauthorized
user to leak login credentials and download files. The affected version is RONDS EPM
v1.19.5.
CVE ID: CVE-2022-3091 (High), CVE-2022-2893 (High)
Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Panasonic's
equipment-
Sanyo CCTV Network Camera. Successful exploitation of this vulnerability can allow attackers
to
perform actions via HTTP without validity checks. The affected versions are VCC-HD5600P
2.03-06,
VDC-HD3300P 2.03-08, VDC-HD3300P 1.02-05, VCC-HD3300 2.03-02, VDC-HD3100P 2.03-00, and
VCC-HD2100P 2.03-02.
CVE ID: CVE-2022-4621 (High)
Insufficiently Protected Credentials vulnerability has been discovered in Johnson Controls'
equipment- Metasys ADS/ADX/OAS Servers. All versions of Metasys ADS/ADX/OAS 10 and 11 are
affected.
CVE ID: CVE-2021-36204 (High)
Google has released Chrome Beta 110 (110.0.5481.32) for iOS, Beta channel OS version: 15278.29.0, Browser version: 110.0.5464.32 for most ChromeOS devices, Dev channel 111.0.5532.2 for Windows, Linux and Mac, Chrome Dev 111 (111.0.5531.3) for Android, Chrome 110.0.5481.30 Beta channel for Windows, Mac and Linux, and Chrome Beta 110 (110.0.5481.29) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Microsoft has released Microsoft Edge Stable Channel (Version 109.0.1518.49) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-21775 (High), CVE-2023-21796 (High)
Multiple vulnerabilities have been discovered in Sewio's RTLS Studio. The affected versions are RTLS Studio 2.0.0 up to and including version 2.6.2. Security updates/mitigations are available.
CVE ID: CVE-2022-45444 (Critical), CVE-2022-47911 (Critical), CVE-2022-43483 (Critical), CVE-2022-41989 (Critical), CVE-2022-45127 (High), CVE-2022-47395 (High), CVE-2022-47917 (Medium), CVE-2022-46733 (Medium), CVE-2022-43455 (Medium)
Multiple vulnerabilities have been discovered in InHand Networks' InRouter302 and InRouter615. The affected versions are all versions of InRouter 302 prior to IR302 V3.5.56, and all versions of InRouter 615 prior to InRouter6XX-S-V2.3.0.r5542.
CVE ID: CVE-2022-22597 (Medium), CVE-2022-22598 (High), CVE-2022-22599 (High), CVE-2022-22600 (Critical), CVE-2022-22601 (Medium)
It has been discovered that a vulnerability in the login/index.php of Control Web Panel 7 (CWP7) or CentOS Web Panel 7 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. The affected versions are Control Web Panel 7 before 0.9.8.1147.
CVE ID: CVE-2022-44877 (Critical)
GitLab has released Community Edition and Enterprise Edition version 15.7.3 to resolve a number of regressions and bugs in the 15.7 release and prior versions.
Debian has released security updates to resolve several vulnerabilities in viewvc and exiv2. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-22456 (Medium), CVE-2023-22464 (Medium)
Dell has released security updates to address multiple vulnerabilities in several Dell products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products. Cisco Small Business RV016, RV042, RV042G, and RV082 Routers have entered the end-of-life process.
CVE ID: CVE-2023-20025 (Critical), CVE-2023-20026 (Medium), CVE-2023-20018 (High), CVE-2023-20037 (Medium), CVE-2023-20038 (High), CVE-2023-20020 (High), CVE-2023-20007 (Medium), CVE-2023-20045 (Medium), CVE-2023-20040 (Medium), CVE-2023-20047 (Medium), CVE-2023-20058 (Medium), CVE-2023-20019 (Medium), CVE-2023-20002 (Medium), CVE-2023-20008 (Medium), CVE-2023-20043 (Medium), CVE-2023-20044 (Medium)
Multiple vulnerabilities have been discovered in NEC Corporation's EXPRESSCLUSTER X software that may allow overwriting of existing files on the system, resulting in arbitrary code execution. Security updates and workarounds are available.
CVE ID: CVE-2022-34822 (Critical), CVE-2022-34823 (Critical), CVE-2022-34824 (Critical), CVE-2022-34825 (Critical)
Mahoroba Kobo has released security updates to address multiple vulnerabilities in the MAHO-PBX NetDevancer series. The affected products are MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00.
CVE ID: CVE-2023-22279 (Critical), CVE-2023-22280 (High), CVE-2023-22286 (Medium), CVE-2023-22296 (Medium)
pgAdmin has released a security update to address an open redirect vulnerability in pgAdmin 4. The affected versions are pgAdmin 4 versions prior to v6.14.
CVE ID: CVE-2023-22298 (Medium)
Ubuntu has released security updates to address a stack-based buffer overflow vulnerability in the linux-oem-5.17 and linux-oem-6.0 packages that can cause a Denial of Service (DoS) or execute arbitrary code. The affected product is Ubuntu 22.04 LTS.
CVE ID: CVE-2022-4378
Moxa has released security updates to resolve a use of hard-coded credentials vulnerability in the Moxa TN-4900 Series that may allow an attacker to gain privileges if an embedded credential is used. The affected versions are TN-4900 Series Firmware v1.1 or lower.
CVE ID: CVE-2008-1160
Zyxel has released security updates to address multiple vulnerabilities in its products.
CVE ID: CVE-2022-43389 (High), CVE-2022-43390 (Medium), CVE-2022-43391 (High), CVE-2022-43392 (High), CVE-2022-43393 (High)
SAP has released security updates to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-0016 (Critical), CVE-2023-0022 (Critical), CVE-2022-41272 (Critical), CVE-2022-41203 (Critical), CVE-2022-41271 (Critical), CVE-2023-0017 (Critical), CVE-2023-0014 (Critical), CVE-2023-0012 (Medium), CVE-2023-0013 (Medium), CVE-2023-0018 (Medium), CVE-2023-0015 (Medium), CVE-2023-0023 (Medium)
The National Cyber Security Centre (NCSC), United Kingdom, has released guidance on administering an organisation's cloud services using Managed Service Providers (MSPs).
NVIDIA has released security updates to resolve a vulnerability in NVIDIA Omniverse Kit affecting several software products that can lead to code execution, information disclosure, data tampering, and Denial of Service (DoS).
CVE ID: CVE-2022-42268 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2022-36323 (Critical), CVE-2022-36324 (High), CVE-2022-36325 (Medium), CVE-2022-46823 (Critical), CVE-2022-2068 (Critical), CVE-2022-2097 (Medium), CVE-2022-2274 (Critical), CVE-2022-32212 (High), CVE-2022-35256 (Critical), CVE-2022-45092 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe Acrobat and Reader, Adobe InDesign, Adobe InCopy and Adobe Dimension. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Black Box has released security updates to address a path traversal vulnerability in its KVM Switches and Extenders that can allow an attacker to read sensitive data on the built-in web servers of the affected devices. The affected products are Black Box KVM ACR1000A-R-R2, Black Box KVM ACR1000A-T-R2, Black Box KVM ACR1002A-T, Black Box KVM ACR1002A-R and Black Box KVM ACR1020A-T of Firmware version v3.4.31307.
CVE ID: CVE-2022-4636 (High)
Intel has released security updates to resolve an escalation of privilege vulnerability in Intel® oneAPI Toolkits. The affected products are Intel® oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel® C++ Compiler Classic before version 2021.8.
CVE ID: CVE-2022-40196 (High), CVE-2022-38136 (Medium), CVE-2022-41342 (Medium)
AMD has released security updates to address multiple vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components.
CVE ID: CVE-2021-26316 (High), CVE-2021-26346 (Medium), CVE-2021-46795 (Low)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Red Hat has released security updates to address multiple vulnerabilities in OpenShift Developer Tools and Services. The affected versions are OpenShift Developer Tools and Services 4.9 x86_64, OpenShift Developer Tools and Services 4.9 s390x, OpenShift Developer Tools and Services 4.9 ppc64le, and OpenShift Developer Tools and Services 4.9 aarch64.
Digital Arts Inc. has released security updates to address an improper authentication vulnerability in m-FILTER. The affected versions are m-FILTER prior to Ver.5.70R01 (Ver.5 Series), and m-FILTER prior to Ver.4.87R04 (Ver.4 Series).
CVE ID: CVE-2023-22278 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several Zoom products. The affected products are Zoom Rooms for Windows installers before version 5.13.0, Zoom Rooms for Windows clients before version 5.12.7, Zoom for Android clients before version 5.13.0, Zoom Rooms for macOS clients before version 5.11.3, and Zoom Rooms for macOS before version 5.11.4.
CVE ID: CVE-2022-36930 (High), CVE-2022-36929 (High), CVE-2022-36928 (Medium), CVE-2022-36926 (High), CVE-2022-36927 (High), CVE-2022-36925 (Medium)
Synology has released security updates to address multiple vulnerabilities in Synology Router Manager (SRM) that allow remote attackers to execute arbitrary commands, conduct Denial of Service (DoS) attacks, or read arbitrary files. The affected versions are SRM 1.3 and SRM 1.2.
CVE ID: CVE-2022-43932 (High), CVE-2023-0077 (Medium)
Ruby-git has released a security update to address multiple code injection vulnerabilities in ruby-git. The affected versions are ruby-git prior to v1.13.0.
CVE ID: CVE-2022-46648 (Medium), CVE-2022-47318 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Stable channel 108.0.5359.172 (Platform version: 15183.78.0) for most ChromeOS devices, LTC-108 108.0.5359.111 (Platform Version: 15183.69.0) for most ChromeOS devices, Dev channel 110.0.5481.24 for Windows, Linux and Mac, Chrome Dev 110 (110.0.5481.23) for Android, and LTS channel 102.0.5005.194 (Platform Version: 14695.173.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-4437 (High), CVE-2022-4436 (High), CVE-2022-42720 (High), CVE-2022-41674 (High), CVE-2022-42719 (High)
GitLab has released Community Edition and Enterprise Edition version 15.7.1 to resolve a number of regressions and bugs in the 15.7 release and prior versions.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address multiple vulnerabilities in the FreeRADIUS package that can cause a Denial of Service (DoS). The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
CVE ID: CVE-2019-17185 (High), CVE-2022-41860, CVE-2022-41861
Google has released Dev channel OS version: 15278.21.0, Browser version: 110.0.5464.21 for most ChromeOS devices, Chrome Beta 109 (109.0.5414.80) for Android, Chrome Beta 110 (110.0.5481.22) for iOS, and Beta channel 109.0.5414.74 for Windows, Mac and Linux.
Synology has released security updates to address an arbitrary command execution vulnerability in Synology VPN Plus Server. The affected versions are VPN Plus Server for SRM 1.3, and VPN Plus Server for SRM 1.2.
CVE ID: CVE-2022-43931 (Critical)
Juniper has released security updates to address multiple vulnerabilities in third-party software used in Juniper Networks Cloud Native Contrail Networking. The affected versions are Juniper Networks Cloud Native Contrail Networking after R22.1 and prior to R22.3.
CVE ID: CVE-2007-6755 (Medium), CVE-2019-1543 (High), CVE-2019-1551 (Medium), CVE-2020-28469 (High), CVE-2021-23840 (High), CVE-2021-3712 (High), CVE-2021-3765 (High)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-01-05 or later address all of these issues.
Ubuntu has released security updates to address a vulnerability in the usbredir package that can cause a Denial of Service (DoS) or possibly execute arbitrary code. The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2021-3700 (Medium)
Multiple vulnerabilities have been discovered in several Fortinet products. Security updates are available.
CVE ID: CVE-2022-39947 (High), CVE-2022-45857 (Medium), CVE-2022-41336 (Medium), CVE-2022-35845 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to address multiple vulnerabilities in third-party components that affect the Dell PowerStore Family. The affected products are Dell PowerStore T operating system and PowerStore X operating system.
CVE ID: CVE-2021-41303 (Critical), CVE-2022-25315 (Critical), CVE-2016-10745 (High), CVE-2021-31535 (Critical), CVE-2021-43527 (Critical), CVE-2021-3712 (High), CVE-2020-14343 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.