Year: 2022
Black Basta Ransomware Victim: Bernd Hösele Group
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Don’t panic! “Unpatchable” Mac vulnerability discovered
Researchers at MIT’s Computer Science & Artificial Intelligence Lab (CSAIL) found an attack surface in a hardware-level security mechanism utilized...
NocoDB security bypass | CVE-2022-2064
NAME: NocoDB security bypass; Platforms Affected: NocoDB NocoDB 0.91.8; Risk Level: 9.1; Exploitability: Unproven; Consequences: Bypass Security; DESCRIPTION: NocoDB could allow a remote authenticated attacker to bypass...
Sourcecodester Money Transfer Management System | CVE-2021-44582
NAME: Sourcecodester Money Transfer Management System; Platforms Affected: Sourcecodester Money Transfer Management System 1.0; Risk Level: 8.8; Exploitability: Unproven; Consequences: Gain Privileges; DESCRIPTION: Sourcecodester Money Transfer Management...
Apache Hadoop buffer overflow | CVE-2021-37404
NAME: Apache Hadoop buffer overflow; Platforms Affected: Apache Hadoop 2.9.0 Apache Hadoop 3.0.0 Apache Hadoop 3.2.0 Apache Hadoop 2.10.1 Apache Hadoop...
Biscuit security bypass | CVE-2022-31053
NAME: Biscuit security bypass; Platforms Affected: Biscuit Biscuit 1.0.0 Biscuit Biscuit 1.1.0; Risk Level: 9.8; Exploitability: Unproven; Consequences: Bypass Security; DESCRIPTION: Biscuit could allow a remote attacker...
NocoDB privilege escalation | CVE-2022-2063
NAME: NocoDB privilege escalation; Platforms Affected: NocoDB NocoDB 0.91.7; Risk Level: 9; Exploitability: Proof of Concept; Consequences: Gain Privileges; DESCRIPTION: NocoDB could allow a remote authenticated attacker...
Powertek PDU Firmware information disclosure | CVE-2022-33174
NAME: Powertek PDU Firmware information disclosure; Platforms Affected: Powertek PDU firmware 3.30.17; Risk Level: 8.8; Exploitability: Unproven; Consequences: Obtain Information; DESCRIPTION: Powertek PDU Firmware could allow a...
Dell SupportAssist Client Consumer and Dell SupportAssist Client Commercial cross-site scripting | CVE-2022-29095
NAME: Dell SupportAssist Client Consumer and Dell SupportAssist Client Commercial cross-site scripting; Platforms Affected: Dell SupportAssist Client Consumer 3.8 Dell SupportAssist...
Powertek PDU Firmware security bypass | CVE-2022-33175
NAME: Powertek PDU Firmware security bypass; Platforms Affected: Powertek PDU firmware 3.30.17; Risk Level: 9.8; Exploitability: Unproven; Consequences: Bypass Security; DESCRIPTION: Powertek PDU Firmware could allow a...
NocoDB server-side request forgery | CVE-2022-2062
NAME: NocoDB server-side request forgery; Platforms Affected: NocoDB NocoDB 0.91.7; Risk Level: 9.1; Exploitability: Proof of Concept; Consequences: Gain Access; DESCRIPTION: NocoDB is vulnerable to server-side request...
Envoy denial of service | CVE-2022-29226
NAME: Envoy denial of service; Platforms Affected: Envoy Envoy 1.22.0; Risk Level: 10; Exploitability: Unproven; Consequences: Bypass Security; DESCRIPTION: Envoy could allow a remote attacker to bypass...
Dolibarr ERP/CRM cross-site scripting | CVE-2022-2060
NAME: Dolibarr ERP/CRM cross-site scripting; Platforms Affected: Dolibarr Dolibarr ERP/CRM 3.0.0 Dolibarr Dolibarr ERP/CRM 3.3.1 Dolibarr Dolibarr ERP/CRM 3.5.3 Dolibarr Dolibarr...
Couchbase Sync Gateway privilege escalation | CVE-2022-32563
NAME: Couchbase Sync Gateway privilege escalation; Platforms Affected: Couchbase Sync Gateway 3.0.1; Risk Level: 8.8; Exploitability: Unproven; Consequences: Gain Privileges; DESCRIPTION: Couchbase Sync Gateway could allow a...
Lepin EP-KP001 security bypass | CVE-2022-29948
NAME: Lepin EP-KP001 security bypass; Platforms Affected: Lepin EP-KP001 KP001_V19; Risk Level: 8.2; Exploitability: Unproven; Consequences: Bypass Security; DESCRIPTION: Lepin EP-KP001 could allow a remote attacker to...
ITarian platform (SAAS / on-premise) code execution | CVE-2022-25152
NAME: ITarian platform (SAAS / on-premise) code execution; Platforms Affected: ITarian platform (SAAS / on-premise); Risk Level: 9.9; Exploitability: Unproven; Consequences: Gain Access; DESCRIPTION: ITarian platform (SAAS...
API Security Best Practices
Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly...
SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases
Chinese cybercriminals are using SeaFlower backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrases. Researchers from...
Daily Vulnerability Trends: Tue Jun 14 2022
Daily Vulnerability Trends (sourced from VulnMon); CVE NAME: CVE-2022-31769; CVE Description: IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote...