US-CERT Vulnerability Summary for the Week of July 10, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoelra -- parkmatikImproper Neutralization of Special Elements used in an SQL Command...
Play Ransomware Victim: Samson Electric
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Play Ransomware Victim: Samson Electric
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
SolarWinds Database Performance Analyzer cross-site scripting | CVE-2023-33231
NAME__________SolarWinds Database Performance Analyzer cross-site scriptingPlatforms Affected:SolarWinds Database Performance Analyzer 2023.2Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________SolarWinds Database Performance Analyzer is vulnerable to...
Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecified | CVE-2023-22036
NAME__________Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecifiedPlatforms Affected:Oracle GraalVM for JDK 17.0.7 Oracle GraalVM for...
Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecified | CVE-2023-22044
NAME__________Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecifiedPlatforms Affected:Oracle GraalVM for JDK 17.0.7 Oracle GraalVM for...
Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecified | CVE-2023-22049
NAME__________Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecifiedPlatforms Affected:Oracle GraalVM for JDK 17.0.7 Oracle GraalVM for...
Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecified | CVE-2023-22041
NAME__________Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecifiedPlatforms Affected:Oracle GraalVM for JDK 17.0.7 Oracle GraalVM for...
Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecified | CVE-2023-22006
NAME__________Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecifiedPlatforms Affected:Oracle GraalVM for JDK 17.0.7 Oracle GraalVM for...
PaulPrinting CMS cross-site scripting |
NAME__________PaulPrinting CMS cross-site scriptingPlatforms Affected:CodeCanyon PaulPrinting CMSRisk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PaulPrinting CMS is vulnerable to multiple cross-site scripting, caused by improper...
Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecified | CVE-2023-22045
NAME__________Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK unspecifiedPlatforms Affected:Oracle GraalVM for JDK 17.0.7 Oracle GraalVM for...
IBM Cognos Analytics cross-site scripting | CVE-2023-28530
NAME__________IBM Cognos Analytics cross-site scriptingPlatforms Affected:IBM Cognos Analytics 11.1 IBM Cognos Analytics 11.2Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________IBM Cognos Analytics 11.1 and...
PaulPrinting CMS /account/delivery cross-site scripting |
NAME__________PaulPrinting CMS /account/delivery cross-site scriptingPlatforms Affected:CodePaul PaulPrinting CMSRisk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PaulPrinting CMS is vulnerable to cross-site scripting, caused by improper...
Mozilla Thunderbird spoofing | CVE-2023-3417
NAME__________Mozilla Thunderbird spoofingPlatforms Affected:Mozilla Thunderbird 115.0Risk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Mozilla Thunderbird could allow a remote attacker to conduct spoofing attacks. By...
IBM Cognos Analytics cross-site scripting | CVE-2023-25929
NAME__________IBM Cognos Analytics cross-site scriptingPlatforms Affected:IBM Cognos Analytics 11.1 IBM Cognos Analytics 11.2Risk Level:4.6Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________IBM Cognos Analytics 11.1 and...
GMOD GBrowse file upload | CVE-2023-32637
NAME__________GMOD GBrowse file uploadPlatforms Affected:GMOD GBrowse 1.70 GMOD GBrowse 2.55Risk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GMOD GBrowse could allow a remote attacker to...
Micro Focus products information disclosure | CVE-2023-32265
NAME__________Micro Focus products information disclosurePlatforms Affected:Micro Focus Enterprise Server 6.0 Micro Focus Enterprise Test Server 6.0 Micro Focus Enterprise Developer...
Daily Vulnerability Trends: Sat Jul 22 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2021-20323A POST based reflected Cross Site Scripting vulnerability on has been identified...
Clop gang to earn over $75 million from MOVEit extortion attacks
The Clop ransomware gang is expected to earn between $75-100 million from extorting victims of their massive MOVEit data theft...
Stolen Azure AD key offered widespread access to Microsoft cloud services
The Microsoft private encryption key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and...
The Week in Ransomware – July 21st 2023 – Avaddon Back as NoEscape
This edition of the Week in Ransomware covers the last two weeks of news, as we could not cover it...
VirusTotal apologizes for data leak affecting 5,600 customers
VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file...
Netscaler ADC bug exploited to breach US critical infrastructure org
The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector...
Clop Drives Record Ransomware Activity in June
Ransomware attacks in June soared 221% year-on-year to hit a record 434 for the month, according to an analysis from...
