Vulnerabilities Archives - RedPacket Security

Sat. Apr 1st, 2023

Vulnerabilities

Mega Main Menu plugin for WordPress cross-site scripting | CVE-2023-1575

NAME__________Mega Main Menu plugin for WordPress cross-site scriptingPlatforms Affected:Risk Level:5.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Mega Main Menu plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A…

Vulnerabilities

Nextcloud Android app security bypass | CVE-2023-28646

NAME__________Nextcloud Android app security bypassPlatforms Affected:Nextcloud Android app 3.24.0 Nextcloud Android app 3.7.0Risk Level:3.7Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Nextcloud Android app could allow a physical authenticated attacker to bypass security restrictions, caused by…

Vulnerabilities

Media Library Categories Plugin for WordPress cross-site scripting | CVE-2022-47596

NAME__________Media Library Categories Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Media Library Categories Plugin for WordPress 1.9.9Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Media Library Categories Plugin for WordPress is vulnerable to cross-site scripting, caused…

Vulnerabilities

Apple Xcode information disclosure | CVE-2023-27945

NAME__________Apple Xcode information disclosurePlatforms Affected:Apple Xcode 14.2Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple Xcode could allow a local attacker to obtain sensitive information, caused by an issue in the Dev Tools component. By…

Vulnerabilities

Apple Xcode code execution | CVE-2023-27967

NAME__________Apple Xcode code executionPlatforms Affected:Apple Xcode 14.2Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apple Xcode could allow a local attacker to execute arbitrary code on the system, caused by an issue in the Dev…

Vulnerabilities

HashiCorp Vault and Vault Enterprise denial of service | CVE-2023-0665

NAME__________HashiCorp Vault and Vault Enterprise denial of servicePlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________HashiCorp Vault and Vault Enterprise are vulnerable to a denial of service, caused by improper authorization in the…

Vulnerabilities

GitLab information disclosure | CVE-2023-1648

NAME__________GitLab information disclosurePlatforms Affected:Risk Level:5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by the leak of authorization headers in the DAST API scanner. By…

Vulnerabilities

Vira-Investing Investment Tracking System information disclosure | CVE-2023-1014

NAME__________Vira-Investing Investment Tracking System information disclosurePlatforms Affected:Risk Level:5.8Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Vira-Investing Investment Tracking System could allow a remote attacker to obtain sensitive information, caused by improper protection for outbound error messages…

Vulnerabilities

Samba information disclosure | CVE-2023-0614

NAME__________Samba information disclosurePlatforms Affected:Samba Samba 4.1.1 Samba Samba 4.1.0 Samba Samba 4.0.9 Samba Samba 4.0.8 Samba Samba 4.0.7 Samba Samba 4.0.6 Samba Samba 4.0.5 Samba Samba 4.0.4 Samba Samba 4.0.2…

Vulnerabilities

Irssi denial of service | CVE-2023-29132

NAME__________Irssi denial of servicePlatforms Affected:Irssi Irssi 1.3.0Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Irssi is vulnerable to a denial of service, caused by a use-after-free flaw when printing a message while another message…

Vulnerabilities

Samba information disclosure | CVE-2023-0922

NAME__________Samba information disclosurePlatforms Affected:Samba Samba 4.1.1 Samba Samba 4.1.0 Samba Samba 4.0.9 Samba Samba 4.0.8 Samba Samba 4.0.7 Samba Samba 4.0.6 Samba Samba 4.0.5 Samba Samba 4.0.4 Samba Samba 4.0.2…

Vulnerabilities

Nextcloud Server security bypass | CVE-2023-28643

NAME__________Nextcloud Server security bypassPlatforms Affected:Nextcloud Nextcloud Server 25.0.0Risk Level:5.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Nextcloud Server could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when a recipient receives…

Vulnerabilities

Nextcloud Server and Nextcloud Enterprise Server information disclosure | CVE-2023-28835

NAME__________Nextcloud Server and Nextcloud Enterprise Server information disclosurePlatforms Affected:Nextcloud Nextcloud Server 24.0.9 Nextcloud Nextcloud Server 25.0.3 Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Server 24.0.0 Nextcloud Nextcloud Enterprise Server 23.0.0 Nextcloud…

Vulnerabilities

Nextcloud Server denial of service | CVE-2023-28644

NAME__________Nextcloud Server denial of servicePlatforms Affected:Nextcloud Nextcloud Server 25.0.2Risk Level:5.7Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Nextcloud Server is vulnerable to a denial of service, caused by a flaw during reference fetch. By sending…

Vulnerabilities

Samba security bypass | CVE-2023-0225

NAME__________Samba security bypassPlatforms Affected:Samba Samba 4.17.0 Samba Samba 4.18.0Risk Level:5.4Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Samba could allow a remote authenticated attacker to bypass security restrictions, caused by an incomplete access check on dnsHostName.…

Vulnerabilities

Vira-Investing Investment Tracking System cross-site scripting | CVE-2023-1013

NAME__________Vira-Investing Investment Tracking System cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Vira-Investing Investment Tracking System is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit…

Vulnerabilities

QNAP QTS, QNAP QuTS hero, QNAP QuTScloud, QNAP QVP (QVR Pro appliances), and QNAP QVR command execution | CVE-2023-23355

NAME__________QNAP QTS, QNAP QuTS hero, QNAP QuTScloud, QNAP QVP (QVR Pro appliances), and QNAP QVR command executionPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________An unspecified error in QNAP QTS, QNAP QuTS hero, QNAP…

Vulnerabilities

Daily Vulnerability Trends: Sat Apr 01 2023

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-21839Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and…

Vulnerabilities

IEEE 802.11 spoofing | CVE-2022-47522

NAME__________IEEE 802.11 spoofingPlatforms Affected:IEEE 802.11Risk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________IEEE 802.11 could allow a remote attacker to conduct spoofing attacks, caused by an improper implemented authentication schemes flaw in the Packet Routing…

Vulnerabilities

WordPress Ping Optimizer Plugin for WordPress cross-site request forgery | CVE-2022-30705

NAME__________WordPress Ping Optimizer Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WordPress Ping Optimizer Plugin for WordPress 2.35.1.2.3Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WordPress Ping Optimizer Plugin for WordPress is vulnerable to cross-site request…

Vulnerabilities

lambdaisland/uri security bypass | CVE-2023-28628

NAME__________lambdaisland/uri security bypassPlatforms Affected:lambdaisland/uri lambdaisland/uri 1.13.95Risk Level:5.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________lambdaisland/uri could allow a remote attacker to bypass security restrictions, caused by a flaw with authority-regex function returns the wrong authority. By…

Vulnerabilities

Ruijie Networks RG-EW1200G PRO, Ruijie Networks RG-EW1800GX PRO, and Ruijie Networks RG-EW3200GX PRO command execution | CVE-2023-27796

NAME__________Ruijie Networks RG-EW1200G PRO, Ruijie Networks RG-EW1800GX PRO, and Ruijie Networks RG-EW3200GX PRO command executionPlatforms Affected:Risk Level:6.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Ruijie Networks RG-EW1200G PRO, Ruijie Networks RG-EW1800GX PRO, and Ruijie…

Vulnerabilities

Apple macOS Ventura, iOS and iPadOS security bypass | CVE-2023-27932

NAME__________Apple macOS Ventura, iOS and iPadOS security bypassPlatforms Affected:Apple macOS Ventura 13.2 Apple iOS 16.3 Apple iPadOS 16.3Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apple macOS Ventura iOS and iPadOS could allow a remote…

Vulnerabilities

RouterOS denial of service | CVE-2023-24094

NAME__________RouterOS denial of servicePlatforms Affected:Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________RouterOS is vulnerable to a denial of service, caused by memory corruption in the bridge2 component. By sending specially-crafted packers,…

You missed

Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps

Data Breach Ransomware

LockBit 3.0 Ransomware Victim: ativy[.]com

Data Breach Ransomware

LockBit 3.0 Ransomware Victim: etkinllc[.]com

Data Breach Ransomware

LockBit 3.0 Ransomware Victim: semsinc[.]net