Vulnerability Summary for the Week of November 27, 2023

Primary Vendor -- Product: apple -- multiple products
Description: A memory corruption vulnerability was addressed with improved locking.

Published: 2023-12-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-48842
Primary Vendor -- Product: dell -- rugged control center
Description: Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability.

Published: 2023-12-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-43089
Primary Vendor -- Product: delta electronics -- infrasuite device master
Description: In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.

Published: 2023-11-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-39226
Primary Vendor -- Product: delta electronics -- infrasuite device master
Description: In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write any file to any location on the filesystem, which could lead to remote code execution.

Published: 2023-11-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-46690
Primary Vendor -- Product: delta electronics -- infrasuite device master
Description: In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.

Published: 2023-11-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-47207
Primary Vendor -- Product: delta electronics -- infrasuite device master
Description: In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying.

Description (continued): Backend template management allows arbitrary modification of the template file, allowing sensitive system files to be read.
Published: 2023-11-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-46886
Primary Vendor -- Product: dreamer -- cms
Description: In Dreamer CMS before 4.0.1, backend attachment management has an arbitrary file download vulnerability.

Published: 2023-11-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-48882
Primary Vendor -- Product: ezviz -- multiple products
Description: An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, and Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices.

Published: 2023-11-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-49656
Primary Vendor -- Product: jenkins -- jenkins
Description: A cross-site request forgery vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using an attacker-specified username and password.

Primary Vendor -- Product: mitsubishi electric corporation -- gx works3
Description: A malicious code execution vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows an attacker to execute malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service condition.

Published: 2023-12-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-28896
Primary Vendor -- Product: progress software corporation -- moveit transfer
Description: In Progress MOVEit Transfer versions released before 2022.0.9, 2022.1.10, and 2023.0.7, a reflected cross-site scripting vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer.

Published: 2023-12-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-48016
Primary Vendor -- Product: ruoyi -- ruoyi
Description: RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.

Published: 2023-11-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-49092
Primary Vendor -- Product: schweitzer engineering laboratories -- sel-411l
Description: An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users into clicking a link that could trigger undesired behavior.

Published: 2023-11-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-2266
Primary Vendor -- Product: schweitzer engineering laboratories -- sel-411l
Description: An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.

Published: 2023-11-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-2267
Primary Vendor -- Product: schweitzer engineering laboratories -- sel-451
Description: An insufficient entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.

Published: 2023-11-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-31177
Primary Vendor -- Product: schweitzer engineering laboratories -- sel-451
Description: An improper authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to perform a session hijacking attack and bypass authentication.

Published: 2023-11-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-34388
Primary Vendor -- Product: schweitzer engineering laboratories -- sel-451
Description: An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.

Published: 2023-11-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-34389
Primary Vendor -- Product: schweitzer engineering laboratories -- sel-451
Description: An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to cause a denial of service against the system and lock out services.

Published: 2023-11-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-48848
Primary Vendor -- Product: windows -- multiple products
Description: An uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executable applications, affecting version 19 R8 100218.

Published: 2023-11-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4398
Primary Vendor -- Product: zyxel -- nas326/nas542
Description: An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.
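The SEL-451 entries above describe session tokens with insufficient entropy that can be brute-forced, and a session hijacking attack that bypasses authentication. The Python below is an added example, not code from the CISA summary and not a description of the SEL-451 firmware: it shows why a token derived from a time-seeded, non-cryptographic PRNG collapses to a few thousand candidates once the attacker can guess the login time, beside the hardened CSPRNG alternative. The token size, the login timestamp and the attacker's search window are assumptions made for illustration.

```python
"""Added example (not from the CISA summary or any vendor's product): how a
session token drawn from a time-seeded, non-cryptographic PRNG can be
brute-forced, beside the hardened alternative.  Token size, the login
timestamp and the attacker's time window are assumptions for illustration."""
import math
import random
import secrets
from typing import Optional

TOKEN_BYTES = 16  # assumed token size: 128 bits on the wire


def weak_token(seed: int) -> str:
    """Anti-pattern: the token is a deterministic function of a coarse
    timestamp fed to a non-cryptographic PRNG.  It looks random and is the
    right length, but the only secret is the seed."""
    rng = random.Random(seed)
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex()


def strong_token() -> str:
    """Hardened: 128 bits straight from the OS CSPRNG; there is no seed an
    attacker could recover."""
    return secrets.token_hex(TOKEN_BYTES)


def recover_weak_seed(observed: str, approx_time: int, window: int) -> Optional[int]:
    """Attacker side: regenerate tokens for every second within +/- window of
    the suspected login time and compare against the observed token.
    Returns the recovered seed, or None if the window did not cover it."""
    for candidate in range(approx_time - window, approx_time + window + 1):
        if weak_token(candidate) == observed:
            return candidate
    return None


def effective_bits(window: int) -> float:
    """Effective entropy of a token whose only secret is a timestamp known to
    within +/- window seconds: log2 of the number of candidate seeds."""
    return math.log2(2 * window + 1)


def demo() -> dict:
    login_time = 1701388800  # constructed: 2023-12-01 00:00:00 UTC
    victim_token = weak_token(login_time)
    # Attacker's clock estimate is 40 s off and they search an hour each way.
    recovered = recover_weak_seed(victim_token, login_time + 40, window=3600)
    return {
        "weak_seed_recovered": recovered == login_time,
        "weak_effective_bits": round(effective_bits(3600), 1),  # ~12.8, not 128
        "strong_bits": TOKEN_BYTES * 8,
        "strong_tokens_differ": strong_token() != strong_token(),
    }


if __name__ == "__main__":
    print(demo())
```

The point of `effective_bits` is that the advertised token length says nothing about its strength: a 128-bit token whose generator is seeded from a one-hour window has under 13 bits of effective entropy, and once the seed is recovered every later token from that generator is predictable as well, which is what turns a weak token into a session hijack. Only an unpredictable source such as `secrets` gives the full 128 bits.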
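The Dreamer CMS entry describes an arbitrary file download in backend attachment management. As an added example (not Dreamer CMS code, and not a claim about how that application resolves paths), the Python below puts a download resolver that concatenates the requested name beside one that confines the resolved path to the attachment directory and rejects traversal, absolute paths and symlink escapes. The directory layout and file contents are constructed for illustration.

```python
"""Added example (not Dreamer CMS code, and not a description of how that
application resolves paths): a file-download resolver that concatenates the
requested name beside one that confines resolution to the attachment root.
Directory layout and file contents are constructed for illustration."""
from pathlib import Path
import tempfile


def vulnerable_resolve(root, requested: str) -> Path:
    """Anti-pattern: string concatenation.  A requested name such as
    '../secret.txt' walks out of the attachment directory."""
    return Path(f"{root}/{requested}")


def safe_resolve(root: Path, requested: str) -> Path:
    """Resolve `requested` strictly inside `root`.

    resolve() collapses '..' segments and follows symlinks, so the containment
    check is made against the real on-disk location, not the textual path.
    Raises PermissionError for traversal, absolute paths and symlink escapes."""
    root_real = root.resolve(strict=True)
    candidate = (root_real / requested).resolve()
    try:
        candidate.relative_to(root_real)
    except ValueError:
        raise PermissionError(f"requested path escapes attachment root: {requested!r}")
    if candidate == root_real:
        raise PermissionError("refusing to serve the attachment root itself")
    return candidate


def demo() -> dict:
    base = Path(tempfile.mkdtemp())
    root = base / "attachments"
    root.mkdir()
    (root / "report.pdf").write_text("attachment body")
    (base / "secret.txt").write_text("db password")  # constructed: lives outside the root

    results = {
        "vulnerable_leaks_outside_file":
            vulnerable_resolve(root, "../secret.txt").read_text() == "db password",
        "safe_serves_legitimate_file":
            safe_resolve(root, "report.pdf").read_text() == "attachment body",
    }
    # Traversal, traversal through a non-existent subdirectory, and an absolute path.
    for attempt in ("../secret.txt", "sub/../../secret.txt", str(base / "secret.txt")):
        try:
            safe_resolve(root, attempt)
            results[f"blocked:{attempt}"] = False
        except PermissionError:
            results[f"blocked:{attempt}"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

`relative_to` compares path components rather than string prefixes, so a sibling directory such as `attachments_old` is not mistaken for a child of `attachments`; that is the usual bug in hand-rolled `startswith` checks.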


This Cyber News was published on www.cisa.gov. Publication date: Mon, 04 Dec 2023 19:43:06 +0000

