US-CERT Vulnerability Summary for the Week of June 26, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- mac_os_xA use after free issue was addressed with improved memory...
Month: July 2023
Acltoolkit – ACL Abuse Swiss-Knife
acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses. Installation pip install acltoolkit-ad or git clone https://github.com/zblurx/acltoolkit.gitcd...
Akira Ransomware Victim: 4LEAF, Inc
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
IBM Db2 denial of service | CVE-2023-30446
NAME__________IBM Db2 denial of servicePlatforms Affected:IBM DB2 for Linux UNIX and Windows 10.5 IBM DB2 for Linux UNIX and Windows...
IBM Db2 denial of service | CVE-2023-30445
NAME__________IBM Db2 denial of servicePlatforms Affected:IBM DB2 for Linux UNIX and Windows 10.5 IBM DB2 for Linux UNIX and Windows...
IBM Db2 denial of service | CVE-2023-30449
NAME__________IBM Db2 denial of servicePlatforms Affected:IBM DB2 for Linux UNIX and Windows 10.5 IBM DB2 for Linux UNIX and Windows...
IBM Db2 code execution | CVE-2023-27868
NAME__________IBM Db2 code executionPlatforms Affected:IBM DB2 for Linux UNIX and Windows 10.5 IBM DB2 for Linux UNIX and Windows 11.1...
IBM Db2 denial of service | CVE-2023-30448
NAME__________IBM Db2 denial of servicePlatforms Affected:IBM DB2 for Linux UNIX and Windows 10.5 IBM DB2 for Linux UNIX and Windows...
IBM Db2 | CVE-2023-30443
NAME__________IBM Db2Platforms Affected:IBM DB2 for Linux UNIX and Windows 10.5 IBM DB2 for Linux UNIX and Windows 11.1 IBM DB2...
IBM Db2 code execution | CVE-2023-27867
NAME__________IBM Db2 code executionPlatforms Affected:IBM DB2 for Linux UNIX and Windows 10.5 IBM DB2 for Linux UNIX and Windows 11.1...
IBM Db2 code execution | CVE-2023-27869
NAME__________IBM Db2 code executionPlatforms Affected:IBM DB2 for Linux UNIX and Windows 10.5 IBM DB2 for Linux UNIX and Windows 11.1...
IBM Db2 denial of service | CVE-2023-30447
NAME__________IBM Db2 denial of servicePlatforms Affected:IBM DB2 for Linux UNIX and Windows 10.5 IBM DB2 for Linux UNIX and Windows...
Node.js @fastify/oauth2 cross-site request forgery | CVE-2023-35935
NAME__________Node.js @fastify/oauth2 cross-site request forgeryPlatforms Affected:Node.js @fastify/oauth2 2.6.9 Node.js @fastify/oauth2 2.6.8Risk Level:7.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Node.js @fastify/oauth2 is vulnerable to cross-site request...
8 Base Ransomware Victim: Cabra Consulting Ltd
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
New ‘Big Head’ ransomware displays fake Windows update alert
Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows...
CISA: CISA Releases Nine Industrial Control Systems Advisories
CISA Releases Nine Industrial Control Systems Advisories CISA released nine Industrial Control Systems (ICS) advisories on June 29, 2023. These...
CISA: CISA Adds Eight Known Exploited Vulnerabilities to Catalog
CISA Adds Eight Known Exploited Vulnerabilities to Catalog CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
CISA: CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments
CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments Today, CISA, together with the National Security...
CISA: DoS and DDoS Attacks against Multiple Sectors
DoS and DDoS Attacks against Multiple Sectors CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service...
CISA: 2023 CWE Top 25 Most Dangerous Software Weaknesses
2023 CWE Top 25 Most Dangerous Software Weaknesses The Homeland Security Systems Engineering and Development Institute, sponsored by the Department...
CISA: CISA Releases Three Industrial Control Systems Advisories
CISA Releases Three Industrial Control Systems Advisories CISA has released three Industrial Control Systems (ICS) advisories on July 6, 2023....
CISA: Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities
Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities Progress Software has released a Service Pack to address three newly...
CISA: Mozilla Releases Security Advisories for Thunderbird, Firefox, and Firefox ESR
Mozilla Releases Security Advisories for Thunderbird, Firefox, and Firefox ESR Mozilla has released security advisories to address vulnerabilities in Thunderbird,...
CISA: CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants
CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants Today, the Cybersecurity and Infrastructure Security Agency...
