US-CERT Vulnerability Summary for the Week of July 24, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infobiltay_technology -- scienta Improper Neutralization of Special Elements used in an SQL...
IMDShift – Automates Migration Process Of Workloads To IMDSv2 To Avoid SSRF Attacks
AWS workloads that rely on the metadata endpoint are vulnerable to Server-Side Request Forgery (SSRF) attacks. IMDShift automates the migration...
CISA: CISA Releases its Cybersecurity Strategic Plan
CISA Releases its Cybersecurity Strategic Plan Today, CISA released a strategic plan to lay out how we will fulfill our...
NYC Couple Pleads Guilty to Money Laundering in $3.6 Billion Bitfinex Hack
A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack...
Webinar – Making PAM Great Again: Solving the Top 5 Identity Team PAM Challenges
Privileged Access Management (PAM) solutions are widely acknowledged as the gold standard for securing critical privileged accounts. However, many security...
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate...
Akira Ransomware Victim: Venture General Agen cy
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
LockBit 3.0 Ransomware Victim: ohiohistory[.]org
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: pointpleasant[.]k12[.]nj[.]us
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Viatom ViHealth App for Android code execution | CVE-2023-36351
NAME__________Viatom ViHealth App for Android code executionPlatforms Affected:Viatom ViHealth App for Android 2.74.58Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Viatom ViHealth App for Android...
Silverstripe Admin Module cross-site scripting |
NAME__________Silverstripe Admin Module cross-site scriptingPlatforms Affected:SilverStripe Silverstripe Admin Module 1.13.5Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Silverstripe Admin Module is vulnerable to cross-site scripting,...
Silverstripe Framework security bypass | CVE-2023-32302
NAME__________Silverstripe Framework security bypassPlatforms Affected:SilverStripe Silverstripe Framework 4.13.13 SilverStripe Silverstripe Framework 5.0.12Risk Level:5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Silverstripe Framework could allow a remote...
Online Shopping Portal Project SQL injection | CVE-2023-37772
NAME__________Online Shopping Portal Project SQL injectionPlatforms Affected:PHPGurukul Shopping Portal Project 3.1Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Online Shopping Portal Project is vulnerable to...
GreenShot code execution | CVE-2023-34634
NAME__________GreenShot code executionPlatforms Affected:GreenShot GreenShot 1.2.10Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GreenShot could allow a remote attacker to execute arbitrary code on the...
OMRON CX-Programmer code execution | CVE-2023-38748
NAME__________OMRON CX-Programmer code executionPlatforms Affected:Omron CX-Programmer 9.80Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________OMRON CX-Programmer could allow a remote attacker to execute arbitrary code...
Broadcom Brocade Fabric OS privilege escalation | CVE-2023-31432
NAME__________Broadcom Brocade Fabric OS privilege escalationPlatforms Affected:Broadcom Brocade Fabric OS 8.2.1 Broadcom Brocade Fabric OS 8.2.3Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Broadcom Brocade...
procps-ng procps denial of service | CVE-2023-4016
NAME__________procps-ng procps denial of servicePlatforms Affected:procps-ng procpsRisk Level:3.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________procps-ng procps is vulnerable to a denial of service, caused...
Shelly 4PM Pro four-channel smart switch denial of service | CVE-2023-33383
NAME__________Shelly 4PM Pro four-channel smart switch denial of servicePlatforms Affected:Shelly 4PM Pro four-channel smart switch 0.11.0Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of...
PHPJabbers Time Slots Booking Calendar preview.php cross-site scripting | CVE-2023-33560
NAME__________PHPJabbers Time Slots Booking Calendar preview.php cross-site scriptingPlatforms Affected:PHPJabbers Time Slots Booking Calendar 3.3Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHPJabbers Time Slots Booking...
Broadcom Brocade Fabric OS denial of service | CVE-2023-31431
NAME__________Broadcom Brocade Fabric OS denial of servicePlatforms Affected:Broadcom Brocade Fabric OS 8.2.1 Broadcom Brocade Fabric OS 8.2.3Risk Level:5.5Exploitability:UnprovenConsequences:Denial of Service...
AXIS License Plate Verifier code execution | CVE-2023-21410
NAME__________AXIS License Plate Verifier code executionPlatforms Affected:AXIS License Plate Verifier 2.8.3Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AXIS License Plate Verifier could allow a...
Broadcom Brocade Fabric OS cross-site scripting | CVE-2023-31928
NAME__________Broadcom Brocade Fabric OS cross-site scriptingPlatforms Affected:Broadcom Brocade Fabric OS 8.2.1 Broadcom Brocade Fabric OS 8.2.3Risk Level:6.3Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Broadcom Brocade...
AXIS License Plate Verifier SQL injection | CVE-2023-21412
NAME__________AXIS License Plate Verifier SQL injectionPlatforms Affected:AXIS License Plate Verifier 2.8.3Risk Level:7.2Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________AXIS License Plate Verifier is vulnerable to...
Broadcom Brocade Fabric OS privilege escalation | CVE-2023-31427
NAME__________Broadcom Brocade Fabric OS privilege escalationPlatforms Affected:Broadcom Brocade Fabric OS 8.2.1 Broadcom Brocade Fabric OS 8.2.3Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Broadcom Brocade...
