US-CERT Vulnerability Summary for the Week of August 21, 2023
High Vulnerabilities | Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info | qemu -- qemu: The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...
Company Name: IBM | Company HackerOne URL: https://hackerone.com/ibm | Submitted By: tusnj | Link to Submitter's Profile: https://hackerone.com/tusnj | Report Title: IDOR in upload videos of a Channel...
Company Name: HackerOne | Company HackerOne URL: https://hackerone.com/security | Submitted By: abhhinavsecondary | Link to Submitter's Profile: https://hackerone.com/abhhinavsecondary | Report Title: Triager/Team members can edit hacker's report and...
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware Today, the United Kingdom’s National Cyber Security...
A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology...
How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat...
NAME: iframe popup plugin for WordPress cross-site scripting | Platforms Affected: WordPress iframe popup Plugin for WordPress 3.3 | Risk Level: 5.9 | Exploitability: High | Consequences: Cross-Site Scripting | DESCRIPTION: iframe popup Login Plugin...
NAME: Free and Open Source Inventory Management System cross-site scripting | Platforms Affected: Sourcecodester Free and Open Source Inventory Management System 1.0 | Risk Level: 5.4 | Exploitability: High | Consequences: Cross-Site Scripting...
NAME: NeoMind Fusion Platform cross-site scripting | Platforms Affected: | Risk Level: 6.1 | Exploitability: High | Consequences: Cross-Site Scripting | DESCRIPTION: NeoMind Fusion Platform is vulnerable to cross-site scripting, caused by improper validation...
NAME: Spipu HTML2PDF cross-site scripting | Platforms Affected: Spipu HTML2PDF 5.2.3, Spipu HTML2PDF 5.2.4, Spipu HTML2PDF 5.2.5, Spipu HTML2PDF 5.2.6, Spipu HTML2PDF 5.2.7 | Risk Level: 6.1 | Exploitability: High | Consequences: Cross-Site...
NAME: OpenFGA information disclosure | Platforms Affected: OpenFGA OpenFGA 1.3.0 | Risk Level: 6.5 | Exploitability: Unproven | Consequences: Obtain Information | DESCRIPTION: OpenFGA could allow a remote authenticated attacker to obtain sensitive information, caused...
NAME: giflib buffer overflow | Platforms Affected: GIFLIB GIFLIB 5.2.1 | Risk Level: 7.3 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: giflib is vulnerable to a heap-based buffer overflow, caused by a segmentation...
NAME: Webiny cross-site scripting | Platforms Affected: webiny webiny 5.37.1 | Risk Level: 7.2 | Exploitability: High | Consequences: Cross-Site Scripting | DESCRIPTION: Webiny is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
NAME: Metal3 ironic-image security bypass | Platforms Affected: Metal3 ironic-image capm3-v1.4.2 | Risk Level: 7.3 | Exploitability: Unproven | Consequences: Bypass Security | DESCRIPTION: Metal3 ironic-image could allow a remote attacker to bypass security restrictions,...
NAME: jupyter-server information disclosure | Platforms Affected: jupyter-server jupyter-server 2.7.1 | Risk Level: 4.6 | Exploitability: Unproven | Consequences: Obtain Information | DESCRIPTION: jupyter-server could allow a remote authenticated attacker to obtain sensitive information, caused...
NAME: Samsung Exynos Mobile Processor and Wearable Processor denial of service | Platforms Affected: Samsung Exynos Mobile Processor, Samsung Exynos Wearable Processor | Risk Level: 7.5 | Exploitability: Unproven | Consequences: Denial of...
NAME: FRRouting FRR and Pica8 PICOS denial of service | Platforms Affected: FRRouting FRRouting 9.0, Pica8 PICOS 4.3.3.2 | Risk Level: 7.5 | Exploitability: Unproven | Consequences: Denial of Service | DESCRIPTION: FRRouting FRR and...
NAME: jupyter-server open redirect | Platforms Affected: jupyter-server jupyter-server 2.7.1 | Risk Level: 4.3 | Exploitability: Unproven | Consequences: Other | DESCRIPTION: jupyter-server could allow a remote attacker to conduct phishing attacks, caused by an...
NAME: MyBB code execution | Platforms Affected: MyBB MyBB 1.8.35 | Risk Level: 7.2 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: MyBB could allow a remote authenticated attacker to execute arbitrary code on...
NAME: haraj security bypass | Platforms Affected: haraj haraj 1.1 | Risk Level: 7.5 | Exploitability: Unproven | Consequences: Bypass Security | DESCRIPTION: haraj could allow a remote attacker to bypass security restrictions, caused by...