Month: July 2023

  • Vulnerability Summary for the Week of July 3, 2023

      High Vulnerabilities. Primary Vendor — Product: sem-cms — semcms. Description: File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. Published: 2023-06-30. CVSS Score: 9.8. Source & Patch Info: CVE-2020-18432. Primary Vendor — Product: flatnest_project — flatnest. Description: All versions of the package flatnest are vulnerable to Prototype Pollution via the…

  • Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities

    Progress Software has released a Service Pack to address three newly disclosed vulnerabilities (CVE-2023-36934, CVE-2023-36932, CVE-2023-36933) in MOVEit Transfer. A cyber threat actor could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users to review Progress Software’s MOVEit Transfer article and apply product updates as applicable for security improvements.

  • Increased Truebot Activity Infects U.S. and Canada Based Networks

    SUMMARY: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against organizations in the United States…

  • Vulnerability Summary for the Week of June 26, 2023

      High Vulnerabilities. Primary Vendor — Product: apple — mac_os_x. Description: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or…