Month: November 2023

News

US-CERT Vulnerability Summary for the Week of November 20, 2023

November 27, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and...

UserPro plugin for WordPress cross-site request forgery | CVE-2023-6008

November 27, 2023

NAME__________UserPro plugin for WordPress cross-site request forgeryPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________UserPro plugin for WordPress is vulnerable to cross-site request forgery,...

Dell OS Recovery Tool privilege escalation | CVE-2023-39253

November 27, 2023

NAME__________Dell OS Recovery Tool privilege escalationPlatforms Affected:Risk Level:7.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Dell OS Recovery Tool could allow a local authenticated attacker to...

Dell Command | Configure privilege escalation | CVE-2023-44289

November 27, 2023

NAME__________Dell Command | Configure privilege escalationPlatforms Affected:Dell Command | Configure 4.10Risk Level:7.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Dell Command | Configure could allow a...

Dell Command | Monitor privilege escalation | CVE-2023-44290

November 27, 2023

NAME__________Dell Command | Monitor privilege escalationPlatforms Affected:Dell Command | Monitor 10.9.0Risk Level:7.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Dell Command | Monitor could allow a...

Dell Command | Configure privilege escalation | CVE-2023-43086

November 27, 2023

Leadster Plugin for WordPress cross-site request forgery | CVE-2023-47791

November 27, 2023

NAME__________Leadster Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Leadster plugin for WordPress 1.1.2Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Leadster Plugin for WordPress is...

Theme Blvd Shortcodes plugin for WordPress cross-site scripting | CVE-2023-5338

November 27, 2023

NAME__________Theme Blvd Shortcodes plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Theme Blvd Shortcodes plugin for WordPress 1.6.8Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Theme Blvd...

Apache DolphinScheduler information disclosure | CVE-2023-48796

November 27, 2023

NAME__________Apache DolphinScheduler information disclosurePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apache DolphinScheduler could allow a remote attacker to obtain sensitive information, caused by...

LayerSlider Plugin for WordPress cross-site scripting | CVE-2023-47786

November 27, 2023

NAME__________LayerSlider Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress LayerSlider Plugin for WordPress 7.7.9Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________LayerSlider Plugin for WordPress is vulnerable...

Email Encoder Bundle Plugin for WordPress SQL injection | CVE-2023-47821

November 27, 2023

NAME__________Email Encoder Bundle Plugin for WordPress SQL injectionPlatforms Affected:WordPress Email Encoder Bundle Plugin for WordPress 2.1.8Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Email Encoder...

Checkmk cross-site request forgery | CVE-2023-6251

November 27, 2023

NAME__________Checkmk cross-site request forgeryPlatforms Affected:Risk Level:2.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Checkmk is vulnerable to cross-site request forgery, caused by improper validation of user-supplied...

Big File Uploads Plugin for WordPress cross-site request forgery | CVE-2023-47792

November 27, 2023

NAME__________Big File Uploads Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Big File Uploads Plugin for WordPress 2.1.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Big...

UserPro plugin for WordPress security bypass | CVE-2023-6007

November 27, 2023

NAME__________UserPro plugin for WordPress security bypassPlatforms Affected:WordPress UserPro plugin for WordPress 5.1.1Risk Level:7.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________UserPro plugin for WordPress could allow...

Easy Call Now by ThikShare Plugin for WordPress cross-site request forgery | CVE-2023-47819

November 27, 2023

NAME__________Easy Call Now by ThikShare Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Easy Call Now by ThikShare Plugin for WordPress...

Pz-LinkCard Plugin for WordPress cross-site request forgery | CVE-2023-47790

November 27, 2023

NAME__________Pz-LinkCard Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress LayerSlider Plugin for WordPress 7.7.9Risk Level:7.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Pz-LinkCard Plugin for WordPress is...

CISA

CISA: CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector

November 27, 2023

CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector Today, CISA released the Mitigation Guide: Healthcare and Public...

CISA

CISA: CISA Requests Comment on Draft Secure Software Development Attestation Form

November 27, 2023

CISA Requests Comment on Draft Secure Software Development Attestation Form CISA has opened a 30-day Federal Register notice to receive...

CISA

CISA: Juniper Releases Security Advisory for Juniper Secure Analytics

November 27, 2023

Juniper Releases Security Advisory for Juniper Secure Analytics Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure...

CISA

CISA: Citrix Releases Security Updates for Citrix Hypervisor

November 27, 2023

Citrix Releases Security Updates for Citrix Hypervisor Citrix has released security updates addressing vulnerabilities in Citrix Hypervisor 8.2 CU1 LTSR....

CISA

CISA: CISA Releases Five Industrial Control Systems Advisories

November 27, 2023

CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on November 21, 2023. These...

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 27, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...

CISA

CISA: CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

November 27, 2023

CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed Today, the Cybersecurity and Infrastructure Security...

CISA

CISA: CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development

November 27, 2023

CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development Today, in a landmark collaboration, the U.S. Cybersecurity...

Month: November 2023

US-CERT Vulnerability Summary for the Week of November 20, 2023

UserPro plugin for WordPress cross-site request forgery | CVE-2023-6008

Dell OS Recovery Tool privilege escalation | CVE-2023-39253

Dell Command | Configure privilege escalation | CVE-2023-44289

Dell Command | Monitor privilege escalation | CVE-2023-44290

Dell Command | Configure privilege escalation | CVE-2023-43086

Leadster Plugin for WordPress cross-site request forgery | CVE-2023-47791

Theme Blvd Shortcodes plugin for WordPress cross-site scripting | CVE-2023-5338

Apache DolphinScheduler information disclosure | CVE-2023-48796

LayerSlider Plugin for WordPress cross-site scripting | CVE-2023-47786

Email Encoder Bundle Plugin for WordPress SQL injection | CVE-2023-47821

Checkmk cross-site request forgery | CVE-2023-6251

Big File Uploads Plugin for WordPress cross-site request forgery | CVE-2023-47792

UserPro plugin for WordPress security bypass | CVE-2023-6007

Easy Call Now by ThikShare Plugin for WordPress cross-site request forgery | CVE-2023-47819

Pz-LinkCard Plugin for WordPress cross-site request forgery | CVE-2023-47790

CISA: CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector

CISA: CISA Requests Comment on Draft Secure Software Development Attestation Form

CISA: Juniper Releases Security Advisory for Juniper Secure Analytics

CISA: Citrix Releases Security Updates for Citrix Hypervisor

CISA: CISA Releases Five Industrial Control Systems Advisories

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

CISA: CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development

CVE Alert: CVE-2024-52867

CVE Alert: CVE-2020-25720

CVE Alert: CVE-2023-4639

CVE Alert: CVE-2023-1419

CVE Alert: CVE-2023-43091

You may have missed