CISA: CISA Adds One Known Vulnerability to Catalog
CISA Adds One Known Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
Month: July 2023
US-CERT Vulnerability Summary for the Week of June 26, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- mac_os_xA use after free issue was addressed with improved memory...
Blacklist3r – Accumulate Secret Keys / Secret Materials Related To Various Web Frameworks
The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that...
Akira Ransomware Victim: 4LEAF, Inc
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Mediatek Android denial of service | CVE-2023-20690
NAME__________Mediatek Android denial of servicePlatforms Affected:MediaTek AndroidRisk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Mediatek Android is vulnerable to a denial of service, caused...
Mediatek Android privilege escalation | CVE-2023-20753
NAME__________Mediatek Android privilege escalationPlatforms Affected:MediaTek AndroidRisk Level:6.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Mediatek Android could allow a local authenticated attacker to gain elevated privileges...
Mediatek Android privilege escalation | CVE-2023-20755
NAME__________Mediatek Android privilege escalationPlatforms Affected:MediaTek AndroidRisk Level:6.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Mediatek Android could allow a local authenticated attacker to gain elevated privileges...
Mediatek Android privilege escalation | CVE-2023-20754
NAME__________Mediatek Android privilege escalationPlatforms Affected:MediaTek AndroidRisk Level:6.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Mediatek Android could allow a local authenticated attacker to gain elevated privileges...
Mediatek Android denial of service | CVE-2023-20693
NAME__________Mediatek Android denial of servicePlatforms Affected:MediaTek AndroidRisk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Mediatek Android is vulnerable to a denial of service, caused...
Node.js @fastify/oauth2 cross-site request forgery | CVE-2023-35935
NAME__________Node.js @fastify/oauth2 cross-site request forgeryPlatforms Affected:Node.js @fastify/oauth2 2.6.9 Node.js @fastify/oauth2 2.6.8Risk Level:7.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Node.js @fastify/oauth2 is vulnerable to cross-site request...
Milesight UR32L zebra vlan_name functionality command execution | CVE-2023-25582
NAME__________Milesight UR32L zebra vlan_name functionality command executionPlatforms Affected:Milesight UR32L 32.3.0.5Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Milesight UR32L could allow a remote authenticated attacker...
Mediatek Android denial of service | CVE-2023-20692
NAME__________Mediatek Android denial of servicePlatforms Affected:MediaTek AndroidRisk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Mediatek Android is vulnerable to a denial of service, caused...
Mediatek Android privilege escalation | CVE-2023-20756
NAME__________Mediatek Android privilege escalationPlatforms Affected:MediaTek AndroidRisk Level:6.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Mediatek Android could allow a local authenticated attacker to gain elevated privileges...
Mediatek Android denial of service | CVE-2023-20691
NAME__________Mediatek Android denial of servicePlatforms Affected:MediaTek AndroidRisk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Mediatek Android is vulnerable to a denial of service, caused...
Mediatek Android privilege escalation | CVE-2023-20757
NAME__________Mediatek Android privilege escalationPlatforms Affected:MediaTek AndroidRisk Level:6.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Mediatek Android could allow a local authenticated attacker to gain elevated privileges...
Mediatek Android denial of service | CVE-2023-20758
NAME__________Mediatek Android denial of servicePlatforms Affected:MediaTek AndroidRisk Level:4.4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Mediatek Android is vulnerable to a denial of service, caused...
Milesight UR32L libzebra.so bridge_group functionality command execution | CVE-2023-22306
NAME__________Milesight UR32L libzebra.so bridge_group functionality command executionPlatforms Affected:Milesight UR32L 32.3.0.5Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Milesight UR32L could allow a remote authenticated attacker...
Milesight UR32L libzebra.so change_hostname command execution | CVE-2023-22659
NAME__________Milesight UR32L libzebra.so change_hostname command executionPlatforms Affected:Milesight UR32L 32.3.0.5Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Milesight UR32L could allow a remote authenticated attacker to...
Mastodon denial of service | CVE-2023-36461
NAME__________Mastodon denial of servicePlatforms Affected:Mastodon Mastodon 4.1.2 Mastodon Mastodon 4.0.4 Mastodon Mastodon 3.5.8Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Mastodon is vulnerable to...
Milesight UR32L zebra vlan_name functionality command execution | CVE-2023-25583
NAME__________Milesight UR32L zebra vlan_name functionality command executionPlatforms Affected:Milesight UR32L 32.3.0.5Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Milesight UR32L could allow a remote authenticated attacker...
ServiceNow cross-site scripting | CVE-2023-1298
NAME__________ServiceNow cross-site scriptingPlatforms Affected:ServiceNow ServiceNow Tokyo ServiceNow ServiceNow Utah ServiceNow ServiceNow San DiegoRisk Level:4.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________ServiceNow is vulnerable to cross-site...
Milesight UR32L ys_thirdparty user_delete command execution | CVE-2023-23550
NAME__________Milesight UR32L ys_thirdparty user_delete command executionPlatforms Affected:Milesight UR32L 32.3.0.5Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Milesight UR32L could allow a remote authenticated attacker to...
IBM Cloud Object System cross-site scripting | CVE-2021-39014
NAME__________IBM Cloud Object System cross-site scriptingPlatforms Affected:IBM Cloud Object Storage System 3.15.8.97Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________IBM Cloud Object System 3.15.8.97 is...
Mastodon spoofing | CVE-2023-36462
NAME__________Mastodon spoofingPlatforms Affected:Mastodon Mastodon 2.6.0 Mastodon Mastodon 4.1.2 Mastodon Mastodon 4.0.4 Mastodon Mastodon 3.5.8Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Mastodon could allow a...
