California Enacts “Delete Act” For Data Privacy
California Governor Gavin Newsom has signed into law the first bill in the US compelling data brokers to delete all...
Year: 2023
New Phishing Campaign Uses LinkedIn Smart Links in Blanket Attack
Email security provider Cofense has discovered a new phishing campaign comprising over 800 emails and using LinkedIn Smart Links.The campaign...
US-CERT Vulnerability Summary for the Week of October 2, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- agentLocal privilege escalation due to improper soft link handling. The...
Pyxamstore – Python Utility For Parsing Xamarin AssemblyStore Blob Files
This is an alpha release of an assemblies.blob AssemblyStore parser written in Python. The tool is capable of unpack and...
HackerOne Bug Bounty Disclosure: b-potential-spoofing-risk-through-firefox-private-relay-service-b-nicholas-cw
Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'nicholas_cw'Link to Submitters Profile:https://hackerone.com/b'nicholas_cw' Report Title:b'Potential Spoofing Risk through Firefox...
HackerOne Bug Bounty Disclosure: b-xss-reflected-pqm-tva-com-b-tvmbug
Company Name: b'Tennessee Valley Authority' Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:b'tvmbug'Link to Submitters Profile:https://hackerone.com/b'tvmbug' Report Title:b'xss reflected - pqm.tva.com'Report Link:https://hackerone.com/reports/1363001Date...
HackerOne Bug Bounty Disclosure: b-exposing-django-debug-panel-and-sensitive-infrastructure-information-at-https-dev-fxprivaterelay-nonprod-cloudops-mozgcp-net-b-aliend
Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'aliend89'Link to Submitters Profile:https://hackerone.com/b'aliend89' Report Title:b'Exposing Django Debug Panel and...
HackerOne Bug Bounty Disclosure: b-admin-mytva-com-customer-lookup-and-internal-notes-bypass-b-itssixtynein
Company Name: b'Tennessee Valley Authority' Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:b'itssixtynein'Link to Submitters Profile:https://hackerone.com/b'itssixtynein' Report Title:b'Admin.MyTVA.com Customer lookup and internal...
HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-b-holybugx
Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'holybugx'Link to Submitters Profile:https://hackerone.com/b'holybugx' Report Title:b'Subdomain takeover on one of...
Siemens SICAM PAS/PQS privilege escalation | CVE-2023-45205
NAME__________Siemens SICAM PAS/PQS privilege escalationPlatforms Affected:Siemens SICAM PAS 8.00 Siemens SICAM PAS 8.21 Siemens SICAM PQS 8.00 Siemens SICAM PQS...
Samba denial of service | CVE-2023-42669
NAME__________Samba denial of servicePlatforms Affected:Samba Samba 4.17 Samba Samba 4.18.0 Samba Samba 4.19Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Samba is vulnerable to...
Microsoft Windows TCP/IP denial of service | CVE-2023-36603
NAME__________Microsoft Windows TCP/IP denial of servicePlatforms Affected:Microsoft Windows Server 2019 Microsoft Windows 10 1809 for x64-based Systems Microsoft Windows 10...
Samba denial of service | CVE-2023-42670
NAME__________Samba denial of servicePlatforms Affected:Samba Samba 4.17 Samba Samba 4.18.0 Samba Samba 4.19Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Samba is vulnerable to...
Unisoc Chipsets information disclosure | CVE-2023-40632
NAME__________Unisoc Chipsets information disclosurePlatforms Affected:Unisoc SC9863A Unisoc SC9832E Unisoc SC7731E Unisoc T610 Unisoc T606 Unisoc T760 Unisoc T618 Unisoc T612...
Juniper Networks Junos OS and Junos OS Evolved denial of service | CVE-2023-36839
NAME__________Juniper Networks Junos OS and Junos OS Evolved denial of servicePlatforms Affected:Juniper Networks Junos OS 21.1 Juniper Networks Junos OS...
Unisoc Chipsets information disclosure | CVE-2023-40631
NAME__________Unisoc Chipsets information disclosurePlatforms Affected:Unisoc SC9863A Unisoc SC9832E Unisoc SC7731E Unisoc T610 Unisoc T606 Unisoc T760 Unisoc T618 Unisoc T612...
Peplink Surf SOHO HW1 command execution | CVE-2023-35194
NAME__________Peplink Surf SOHO HW1 command executionPlatforms Affected:Peplink Surf SOHO HW1 6.3.5Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Peplink Surf SOHO HW1 could allow a...
Lenovo Desktop, Smart Edge and ThinkStation products privilege escalation | CVE-2023-45075
NAME__________Lenovo Desktop, Smart Edge and ThinkStation products privilege escalationPlatforms Affected:Lenovo ThinkStation Lenovo Desktop Lenovo Smart EdgeRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Lenovo Desktop,...
SAP S/4HANA Core information disclosure | CVE-2023-42475
NAME__________SAP S/4HANA Core information disclosurePlatforms Affected:SAP S/4Hana Core S4CORE 102 SAP S/4Hana Core S4CORE 103 SAP S/4Hana Core S4CORE 104...
Lenovo Desktop, Smart Edge and ThinkStation products privilege escalation | CVE-2023-45076
NAME__________Lenovo Desktop, Smart Edge and ThinkStation products privilege escalationPlatforms Affected:Lenovo ThinkStation Lenovo Desktop Lenovo Smart EdgeRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Lenovo Desktop,...
Peplink Surf SOHO HW1 command execution | CVE-2023-35193
NAME__________Peplink Surf SOHO HW1 command executionPlatforms Affected:Peplink Surf SOHO HW1 6.3.5Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Peplink Surf SOHO HW1 could allow a...
Juniper Networks Junos OS and Junos OS Evolved denial of service | CVE-2023-44186
NAME__________Juniper Networks Junos OS and Junos OS Evolved denial of servicePlatforms Affected:Juniper Networks Junos OS 21.1 Juniper Networks Junos OS...
Peplink Surf SOHO HW1 cross-site scripting | CVE-2023-34354
NAME__________Peplink Surf SOHO HW1 cross-site scriptingPlatforms Affected:Peplink Surf SOHO HW1 6.3.5Risk Level:3.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Peplink Surf SOHO HW1 is vulnerable to...
Juniper Networks Junos OS denial of service | CVE-2023-44203
NAME__________Juniper Networks Junos OS denial of servicePlatforms Affected:Juniper Networks Junos OS 21.1 Juniper Networks Junos OS 21.2 Juniper Networks Junos...
