Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of...
Month: July 2023
Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems
Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds...
Global Retailers Must Keep an Eye on Their SaaS Stack
Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can...
Close Security Gaps with Continuous Threat Exposure Management
CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and...
RomCom RAT Targeting NATO and Ukraine Support Groups
The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius...
Akira Ransomware Victim: 4LEAF, Inc
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
LockBit 3.0 Ransomware Victim: leeindustries[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: roys[.]co[.]uk
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Ethyca Fides directory traversal | CVE-2023-36827
NAME__________Ethyca Fides directory traversalPlatforms Affected:Ethyca Fides 2.15.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Ethyca Fides could allow a remote attacker to traverse directories on...
Statamic cross-site scripting | CVE-2023-36828
NAME__________Statamic cross-site scriptingPlatforms Affected:Statamic Statamic 4.9.2Risk Level:5.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Statamic is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
IBM Watson CP4D Data Stores denial of service | CVE-2023-27540
NAME__________IBM Watson CP4D Data Stores denial of servicePlatforms Affected:IBM Watson CP4D Data Stores 4.6.0Risk Level:5.9Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________IBM Watson CP4D...
Uptime Kuma directory traversal | CVE-2023-36822
NAME__________Uptime Kuma directory traversalPlatforms Affected:Uptime Kuma Uptime Kuma 1.22.0Risk Level:6.5Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________Uptime Kuma could allow a remote authenticated...
IBM Watson Knowledge Catalog CSV injection | CVE-2023-28959
NAME__________IBM Watson Knowledge Catalog CSV injectionPlatforms Affected:IBM Watson Knowledge Catalog on-prem 4.0Risk Level:7Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________IBM Watson Knowledge Catalog on Cloud...
AMI MegaRAC SPX header injection | CVE-2023-34472
NAME__________AMI MegaRAC SPX header injectionPlatforms Affected:AMI MegaRAC SPX 12 AMI MegaRAC SPX 13Risk Level:5.7Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________AMI MegaRAC SPX is vulnerable...
AMI MegaRAC SPX weak security | CVE-2023-34471
NAME__________AMI MegaRAC SPX weak securityPlatforms Affected:AMI MegaRAC SPX 12 AMI MegaRAC SPX 13Risk Level:6.8Exploitability:UnprovenConsequences:Other DESCRIPTION__________AMI MegaRAC SPX could provide weaker...
AMI MegaRAC SPX weak security | CVE-2023-34338
NAME__________AMI MegaRAC SPX weak securityPlatforms Affected:AMI MegaRAC SPX 12 AMI MegaRAC SPX 13Risk Level:7.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AMI MegaRAC SPX contains default...
GLPI information disclosure | CVE-2023-35940
NAME__________GLPI information disclosurePlatforms Affected:GLPI GLPI 9.5.0 GLPI GLPI 10.0.7Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________GLPI could allow a remote attacker to obtain sensitive...
GLPI information disclosure | CVE-2023-34107
NAME__________GLPI information disclosurePlatforms Affected:GLPI GLPI 10.0.7 GLPI GLPI 9.2.0Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________GLPI could allow a remote authenticated attacker to obtain...
GPAC denial of service | CVE-2023-3523
NAME__________GPAC denial of servicePlatforms Affected:GPAC GPAC 2.2.1Risk Level:6.1Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________GPAC is vulnerable to a denial of service,...
AMI MegaRAC SPX weak security | CVE-2023-34473
NAME__________AMI MegaRAC SPX weak securityPlatforms Affected:AMI MegaRAC SPX 12 AMI MegaRAC SPX 13Risk Level:6.6Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AMI MegaRAC SPX contains default...
GLPI cross-site scripting | CVE-2023-34244
NAME__________GLPI cross-site scriptingPlatforms Affected:GLPI GLPI 9.4.0 GLPI GLPI 10.0.7Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________GLPI is vulnerable to cross-site scripting, caused by improper...
Outline cross-site scripting | CVE-2023-3532
NAME__________Outline cross-site scriptingPlatforms Affected:outline outline 0.70.0Risk Level:6.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Outlin is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Tyan S5552 BMC man-in-the-middle | CVE-2023-2538
NAME__________Tyan S5552 BMC man-in-the-middlePlatforms Affected:Tyan S5552 BMC 3.00Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Tyan S5552 BMC is vulnerable to a man-in-the-middle attack, caused...
GLPI information disclosure | CVE-2023-34106
NAME__________GLPI information disclosurePlatforms Affected:GLPI GLPI 10.0.7 GLPI GLPI 0.68Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________GLPI could allow a remote authenticated attacker to obtain...
