Vulnerability Summary for the Week of February 12, 2024

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library.
Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products.
Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products.
Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products.
Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools.
Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products.
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products.


This Cyber News was published on www.cisa.gov. Publication date: Tue, 20 Feb 2024 21:43:04 +0000

