LockBit 3.0 Ransomware Victim: medmark[.]eg
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
The Service Accounts Challenge: Can’t See or Secure Them Until It’s Too Late
Here's a hard question to answer: 'How many service accounts do you have in your environment?'. A harder one is:...
Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit
Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society...
Microsoft Windows Win32k privilege escalation | CVE-2023-24914
NAME__________Microsoft Windows Win32k privilege escalationPlatforms Affected:Microsoft Windows 11 22H2 for ARM64-based Systems Microsoft Windows 11 22H2 for x64-based SystemsRisk Level:7Exploitability:UnprovenConsequences:Gain...
Microsoft Dynamics 365 cross-site scripting | CVE-2023-28309
NAME__________Microsoft Dynamics 365 cross-site scriptingPlatforms Affected:Risk Level:7.6Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Microsoft Dynamics 365 is vulnerable to cross-site scripting, caused by improper validation...
Microsoft Visual Studio Code code execution | CVE-2023-24893
NAME__________Microsoft Visual Studio Code code executionPlatforms Affected:Microsoft Visual Studio CodeRisk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Microsoft Visual Studio Code could allow a remote...
SAP CRM security bypass | CVE-2023-29189
NAME__________SAP CRM security bypassPlatforms Affected:SAP CRM S4FND 102 SAP CRM S4FND 103 SAP CRM S4FND 104 SAP CRM S4FND 105...
Apache InLong SQL injection | CVE-2023-30465
NAME__________Apache InLong SQL injectionPlatforms Affected:Apache InLong 1.4.0 Apache InLong 1.5.0Risk Level:6.5Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Apache InLong is vulnerable to SQL injection. A...
SAP Application Interface Framework cross-site scripting | CVE-2023-29112
NAME__________SAP Application Interface Framework cross-site scriptingPlatforms Affected:SAP Application Interface Framework 600 SAP Application Interface Framework 700Risk Level:3.7Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________SAP Application...
Adobe Acrobat and Adobe Reader code execution | CVE-2023-26423
NAME__________Adobe Acrobat and Adobe Reader code executionPlatforms Affected:Adobe Acrobat DC 23.001.20093 Adobe Acrobat Reader DC 23.001.20093 Adobe Acrobat 2020 20.005.30441...
Adobe Acrobat and Adobe Reader information disclosure | CVE-2023-26397
NAME__________Adobe Acrobat and Adobe Reader information disclosurePlatforms Affected:Adobe Acrobat DC 23.001.20093 Adobe Acrobat Reader DC 23.001.20093 Adobe Acrobat 2020 20.005.30441...
Microsoft Windows Kernel privilege escalation | CVE-2023-28272
NAME__________Microsoft Windows Kernel privilege escalationPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 x32 Microsoft Windows...
Mozilla Firefox security bypass | CVE-2023-29542
NAME__________Mozilla Firefox security bypassPlatforms Affected:Mozilla Firefox 111 Mozilla Firefox ESR 102.9 Mozilla Thunderbird 102.9Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Mozilla Firefox could allow...
Mozilla Firefox spoofing | CVE-2023-29533
NAME__________Mozilla Firefox spoofingPlatforms Affected:Mozilla Firefox 111 Mozilla Firefox ESR 102.9 Mozilla Thunderbird 102.9Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Mozilla Firefox could allow a...
SAP Application Interface Framework information disclosure | CVE-2023-29111
NAME__________SAP Application Interface Framework information disclosurePlatforms Affected:SAP Application Interface Framework 755 SAP Application Interface Framework 756Risk Level:3.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________SAP Application...
Microsoft Azure Service Connector security bypass | CVE-2023-28300
NAME__________Microsoft Azure Service Connector security bypassPlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Microsoft Azure Service Connector for Windows could allow a remote authenticated...
Mozilla Firefox weak security | CVE-2023-29548
NAME__________Mozilla Firefox weak securityPlatforms Affected:Mozilla Firefox 111 Mozilla Firefox ESR 102.9 Mozilla Thunderbird 102.9Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Mozilla Firefox could provide...
Microsoft Windows DNS Server code execution | CVE-2023-28307
NAME__________Microsoft Windows DNS Server code executionPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft...
Mozilla Thunderbird denial of service | CVE-2023-29479
NAME__________Mozilla Thunderbird denial of servicePlatforms Affected:Mozilla Thunderbird 102.9Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Mozilla Thunderbird is vulnerable to a denial of service,...
Microsoft Windows DNS Server code execution | CVE-2023-28305
NAME__________Microsoft Windows DNS Server code executionPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft...
Adobe Substance 3D Stager code execution | CVE-2023-26389
NAME__________Adobe Substance 3D Stager code executionPlatforms Affected:Adobe Substance 3D Stager 2.0.1Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Adobe Substance 3D Stager could allow a...
Microsoft Windows Win32k privilege escalation | CVE-2023-28274
NAME__________Microsoft Windows Win32k privilege escalationPlatforms Affected:Microsoft Windows Server 2019 Microsoft Windows 10 1809 for x64-based Systems Microsoft Windows 10 1809...
Microsoft Windows Common Log File System Driver privilege escalation | CVE-2023-28252
NAME__________Microsoft Windows Common Log File System Driver privilege escalationPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows...
Microsoft SQL Server code execution | CVE-2023-23375
NAME__________Microsoft SQL Server code executionPlatforms Affected:Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Microsoft SQL Server could allow a remote attacker to execute arbitrary code...
