Threat Advisories - NVD Disclosed July 13, 2023

CVE-2023-35070

VegaGroup Web Collection can be compromised to steal data or disrupt services.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A flaw in VegaGroup Web Collection lets attackers steal data or disrupt services by injecting malicious commands into your web application's database. This is critical because it can be exploited remotely by anyone without needing a password.

NVD published: July 13, 2023

CVE advisoryMEDIUM

CVE-2023-3319

iDisplay PlatPlay DS allows attackers to steal customer data or take control of services.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An external attacker could take over user accounts by injecting malicious scripts into PlatPlay DS. This can lead to stolen credentials or unauthorized access to sensitive data, impacting business operations.

NVD published: July 13, 2023

CVE advisoryHIGH

CVE-2023-35069

Bullwark system lets attackers steal sensitive files.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An external attacker could access sensitive files on your Bullwark system, potentially exposing credentials or confidential information. This matters because it could lead to unauthorized data disclosure or compromise.

NVD published: July 13, 2023