Month: August 2023

CISA

CISA: Adobe Releases Security Updates for Multiple Products

August 17, 2023

Adobe Releases Security Updates for Multiple Products Adobe has released security updates to address multiple vulnerabilities in Adobe software. An...

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

August 17, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...

CISA

CISA: Microsoft Releases August 2023 Security Updates

August 17, 2023

Microsoft Releases August 2023 Security Updates Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can...

CISA

CISA: Fortinet Releases Security Update for FortiOS

August 17, 2023

Fortinet Releases Security Update for FortiOS Fortinet has released a security update to address a vulnerability (CVE-2023-29182) affecting FortiOS. A...

CISA

CISA: CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan

August 17, 2023

CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan Today, CISA released the Remote Monitoring and Management (RMM)...

CISA

CISA: CISA Releases Twelve Industrial Control Systems Advisories

August 17, 2023

CISA Releases Twelve Industrial Control Systems Advisories CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These...

CISA

CISA: CISA Releases Two Industrial Control Systems Advisories

August 17, 2023

CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on August 15, 2023. These...

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

August 17, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

August 17, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...

News

US-CERT Vulnerability Summary for the Week of August 7, 2023

August 16, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info phoenixcontact -- wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels...

HackerOne Bug Bounty Disclosure: b-unexpected-deserialization-in-kredis-b-ooooooo-q

August 16, 2023

Company Name: b'Ruby on Rails' Company HackerOne URL: https://hackerone.com/rails Submitted By:b'ooooooo_q'Link to Submitters Profile:https://hackerone.com/b'ooooooo_q' Report Title:b'Unexpected deserialization in Kredis'Report Link:https://hackerone.com/reports/1702859Date...

HackerOne Bug Bounty Disclosure: b-crlf-to-xss-open-redirection-b-ashrafabdelrazik

August 16, 2023

Company Name: b'TikTok' Company HackerOne URL: https://hackerone.com/tiktok Submitted By:b'ashrafabdelrazik'Link to Submitters Profile:https://hackerone.com/b'ashrafabdelrazik' Report Title:b'CRLF to XSS & Open Redirection'Report Link:https://hackerone.com/reports/2012519Date...

ONLYOFFICE DocumentServer code execution | CVE-2023-30186

August 16, 2023

NAME__________ONLYOFFICE DocumentServer code executionPlatforms Affected:ONLYOFFICE DocumentServer 4.0.3 ONLYOFFICE DocumentServer 7.3.2Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ONLYOFFICE DocumentServer could allow a remote attacker to...

ONLYOFFICE DocumentServer denial of service | CVE-2023-30188

August 16, 2023

NAME__________ONLYOFFICE DocumentServer denial of servicePlatforms Affected:ONLYOFFICE DocumentServer 4.0.3 ONLYOFFICE DocumentServer 7.3.2Risk Level:5.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________ONLYOFFICE DocumentServer is vulnerable to a...

Contact Form Generator Plugin for WordPress cross-site scripting | CVE-2023-37988

August 16, 2023

NAME__________Contact Form Generator Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Contact Form Generator Plugin for WordPress 2.5.5Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Contact Form...

ONLYOFFICE DocumentServer code execution | CVE-2023-30187

August 16, 2023

Snow Software License Manager cross-site scripting | CVE-2023-3937

August 16, 2023

NAME__________Snow Software License Manager cross-site scriptingPlatforms Affected:Snow Software License Manager 9.30.1Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Snow Software License Manager is vulnerable to...

PHPJabbers Yacht Listing Script information disclosure | CVE-2023-38830

August 16, 2023

NAME__________PHPJabbers Yacht Listing Script information disclosurePlatforms Affected:PHPJabbers Yacht Listing ScriptRisk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________PHPJabbers Yacht Listing Script could allow a remote...

Google Android information disclosure | CVE-2023-21285

August 16, 2023

NAME__________Google Android information disclosurePlatforms Affected:Google AndroidRisk Level:6.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Google Android could allow a local attacker to obtain sensitive information, caused...

Google Android denial of service | CVE-2023-21284

August 16, 2023

NAME__________Google Android denial of servicePlatforms Affected:Google AndroidRisk Level:5.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Google Android is vulnerable to a denial of service, caused...

Google Android privilege escalation | CVE-2023-21134

August 16, 2023

NAME__________Google Android privilege escalationPlatforms Affected:Google AndroidRisk Level:6.4Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Google Android could allow a physically proximate attacker to gain elevated privileges...

Google Android information disclosure | CVE-2023-21283

August 16, 2023

NAME__________Google Android information disclosurePlatforms Affected:Google AndroidRisk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Google Android could allow a local attacker to obtain sensitive information, caused...

Google Android privilege escalation | CVE-2023-21133

August 16, 2023

Google Android information disclosure | CVE-2023-21292

August 16, 2023

Month: August 2023

CISA: Adobe Releases Security Updates for Multiple Products

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Microsoft Releases August 2023 Security Updates

CISA: Fortinet Releases Security Update for FortiOS

CISA: CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan

CISA: CISA Releases Twelve Industrial Control Systems Advisories

CISA: CISA Releases Two Industrial Control Systems Advisories

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

US-CERT Vulnerability Summary for the Week of August 7, 2023

HackerOne Bug Bounty Disclosure: b-unexpected-deserialization-in-kredis-b-ooooooo-q

HackerOne Bug Bounty Disclosure: b-crlf-to-xss-open-redirection-b-ashrafabdelrazik

ONLYOFFICE DocumentServer code execution | CVE-2023-30186

ONLYOFFICE DocumentServer denial of service | CVE-2023-30188

Contact Form Generator Plugin for WordPress cross-site scripting | CVE-2023-37988

ONLYOFFICE DocumentServer code execution | CVE-2023-30187

Snow Software License Manager cross-site scripting | CVE-2023-3937

PHPJabbers Yacht Listing Script information disclosure | CVE-2023-38830

Google Android information disclosure | CVE-2023-21285

Google Android denial of service | CVE-2023-21284

Google Android privilege escalation | CVE-2023-21134

Google Android information disclosure | CVE-2023-21283

Google Android privilege escalation | CVE-2023-21133

Google Android information disclosure | CVE-2023-21292

[APT73] – Ransomware Victim: gureco[.]pl

[APT73] – Ransomware Victim: lgpunjab[.]gov[.]in

[INCRANSOM] – Ransomware Victim: IPE Engwicht

[HUNTERS] – Ransomware Victim: Aeris Energy

[HUNTERS] – Ransomware Victim: Jones & Mayer

You may have missed