Category: Bulletins

Vulnerability Summary for the Week of November 13, 2023

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info checkpoint — endpoint_security Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to…

Read more →

Vulnerability Summary for the Week of November 6, 2023

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 1e — platform The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL…

Read more →

Vulnerability Summary for the Week of October 30, 2023

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info contec — solarview_compact_firmware An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. 2023-10-27 9.8…

Read more →

Vulnerability Summary for the Week of October 23, 2023

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info projectworlds_pvt._limited — online_art_gallery   Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘fnm’ parameter of the header.php resource does not…

Read more →

Vulnerability Summary for the Week of September 11, 2023

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info wibu — codemeter_runtime   A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to…

Read more →

Vulnerability Summary for the Week of September 4, 2023

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info canonical_ltd. — snapd_for_linux Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it…

Read more →

Vulnerability Summary for the Week of August 28, 2023

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info earcms — ear_app An issue found in Earcms Ear App v.20181124 allows a remote cyber threat actor to execute arbitrary code via the uload/index-uplog.php. 2023-08-29 9.8…

Read more →