US-CERT Vulnerability Summary for the Week of August 21, 2023
High Vulnerabilities. Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info. qemu -- qemu: The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...
Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application...
Company Name: Internet Bug Bounty | Company HackerOne URL: https://hackerone.com/ibb | Submitted By: shin24 | Link to Submitter's Profile: https://hackerone.com/shin24 | Report Title: unsanitized input goes to regex...
Company Name: HackerOne | Company HackerOne URL: https://hackerone.com/security | Submitted By: zerotea | Link to Submitter's Profile: https://hackerone.com/zerotea | Report Title: Staff and Triage can modify the initial...
Company Name: Internet Bug Bounty | Company HackerOne URL: https://hackerone.com/ibb | Submitted By: yadhukrishnam | Link to Submitter's Profile: https://hackerone.com/yadhukrishnam | Report Title: HTTP Request Smuggling via Empty...
Company Name: inDrive | Company HackerOne URL: https://hackerone.com/indrive | Submitted By: kristoferent | Link to Submitter's Profile: https://hackerone.com/kristoferent | Report Title: Stored XSS on promo.indrive.com | Report Link: https://hackerone.com/reports/2051085 | Date Submitted: 28 August...
Cyber attacks on e-commerce applications are a common trend in 2023. As e-commerce businesses become more omnichannel, they build and...
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages...
An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out...
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
NAME: IBM Security Guardium cross-site scripting | Platforms Affected: IBM Security Guardium 11.4 | Risk Level: 4.6 | Exploitability: High | Consequences: Cross-Site Scripting | DESCRIPTION: IBM Security Guardium 11.4 is vulnerable to cross-site scripting....
NAME: Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects denial of service | Platforms Affected: Cisco UCS 6300...
NAME: IBM Security Guardium information disclosure | Platforms Affected: IBM Security Guardium 11.3, IBM Security Guardium 11.4 | Risk Level: 7.5 | Exploitability: Unproven | Consequences: Obtain Information | DESCRIPTION: IBM Security Guardium 11.3 and...
NAME: Apache Airflow, Airflow SMTP Provider and Airflow IMAP Provider man-in-the-middle | Platforms Affected: Apache Airflow 2.6.3, Apache Airflow SMTP Provider 1.2.0, Apache Airflow...
NAME: IBM Security Guardium command execution | Platforms Affected: IBM Security Guardium 11.4 | Risk Level: 7.2 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: IBM Security Guardium 11.4 could allow a remote authenticated...
NAME: Supermicro X11, X12, X13, and H11, H12, H13 motherboards privilege escalation | Platforms Affected: Supermicro X11, Supermicro H11, Supermicro H12, Supermicro X12, Supermicro...
NAME: Maxon Cinema 4D code execution | Platforms Affected: Maxon Cinema 4D | Risk Level: 7.8 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Maxon Cinema 4D could allow a remote attacker to execute...
NAME: LG Simple Editor information disclosure | Platforms Affected: LG Simple Editor | Risk Level: 7.5 | Exploitability: Unproven | Consequences: Obtain Information | DESCRIPTION: LG Simple Editor could allow a remote attacker to obtain...
NAME: Maxon Cinema 4D code execution | Platforms Affected: Maxon Cinema 4D | Risk Level: 7.8 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Maxon Cinema 4D could allow a remote attacker to execute...
NAME: Maxon Cinema 4D code execution | Platforms Affected: Maxon Cinema 4D | Risk Level: 7.8 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Maxon Cinema 4D could allow a remote attacker to execute...
NAME: LG Simple Editor information disclosure | Platforms Affected: LG Simple Editor | Risk Level: 6.5 | Exploitability: Unproven | Consequences: Obtain Information | DESCRIPTION: LG Simple Editor could allow a remote authenticated attacker to...
NAME: Maxon Cinema 4D buffer overflow | Platforms Affected: Maxon Cinema 4D | Risk Level: 7.8 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Maxon Cinema 4D is vulnerable to a stack-based buffer overflow,...