NVD disclosure day

Published threat advisories for August 3, 2023

CVE-2023-38950

ZKTeco BioTime Path Traversal Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A path traversal vulnerability in ZKTeco BioTime's iclock API allows unauthenticated attackers to read arbitrary files. This impacts organizations using the affected software by potentially exposing sensitive data. The business risk involves unauthorized access to system files.

NVD published: August 3, 2023 • CISA KEV

CVE advisoryKnown Exploit

CVE-2023-35081

Ivanti EPMM Arbitrary File Write Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authenticated administrator can write arbitrary files to the Ivanti EPMM appliance via a path traversal vulnerability. This could impact system integrity and data confidentiality for affected organizations.

NVD published: August 3, 2023 • CISA KEV