US-CERT Vulnerability Summary for the Week of November 20, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and...
Month: December 2023
Akira Ransomware Victim: Bern Hotels & Resort s
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
SimpleSAMLphp xml-security security bypass | CVE-2023-49087
NAME__________SimpleSAMLphp xml-security security bypassPlatforms Affected:SimpleSAMLphp xml-security 5.0.0-alpha.12 SimpleSAMLphp xml-security 1.6.11Risk Level:6.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________SimpleSAMLphp xml-security could allow a remote attacker to...
Perl code execution | CVE-2023-47039
NAME__________Perl code executionPlatforms Affected:Perl Perl 5.34.0 Perl Perl 5.36.0 Perl Perl 5.38.0Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Perl could allow a local authenticated...
Yokogawa STARDOM denial of service | CVE-2023-5915
NAME__________Yokogawa STARDOM denial of servicePlatforms Affected:Yokogawa STARDOM FCN/FCJ R1.01 Yokogawa STARDOM FCN/FCJ R4.31Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Yokogawa STARDOM is vulnerable...
Pimcore Customer Management Framework cross-site request forgery | CVE-2023-49076
NAME__________Pimcore Customer Management Framework cross-site request forgeryPlatforms Affected:Pimcore Customer Management Framework 4.0.4Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Pimcore Customer Management Framework is vulnerable...
Perl buffer overflow | CVE-2023-47038
NAME__________Perl buffer overflowPlatforms Affected:Perl Perl 5.34.0 Perl Perl 5.36.0 Perl Perl 5.38.0Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Perl is vulnerable to a heap-based...
Sentry Symbolicator server-side request forgery | CVE-2023-49094
NAME__________Sentry Symbolicator server-side request forgeryPlatforms Affected:Sentry Symbolicator 0.3.3 Sentry Symbolicator 23.11.1Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Sentry Symbolicator is vulnerable to server-side request...
ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49701
NAME__________ASR ASR1803 and ASR1806 Chipsets code executionPlatforms Affected:ASR ASR1803 ASR ASR1806Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ASR ASR1803 and ASR1806 Chipsets could allow...
Catalis CMS360 information disclosure | CVE-2023-6341
NAME__________Catalis CMS360 information disclosurePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Catalis CMS360 could allow a remote attacker to obtain sensitive information, caused by...
Henschen & Associates court document management software information disclosure | CVE-2023-6376
NAME__________Henschen & Associates court document management software information disclosurePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Henschen & Associates court document management software could...
ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49700
NAME__________ASR ASR1803 and ASR1806 Chipsets code executionPlatforms Affected:ASR ASR1803 ASR ASR1806Risk Level:6.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ASR ASR1803 and ASR1806 Chipsets are vulnerable...
Schweitzer Engineering Laboratories SEL-411L information disclosure | CVE-2023-2267
NAME__________Schweitzer Engineering Laboratories SEL-411L information disclosurePlatforms Affected:Schweitzer Engineering Laboratories SEL-411LRisk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Schweitzer Engineering Laboratories SEL-411L could allow a remote...
ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49699
NAME__________ASR ASR1803 and ASR1806 Chipsets code executionPlatforms Affected:ASR ASR1803 ASR ASR1806Risk Level:6.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ASR ASR1803 and ASR1806 Chipsets could allow...
Schweitzer Engineering Laboratories SEL-411L clickjacking | CVE-2023-2265
NAME__________Schweitzer Engineering Laboratories SEL-411L clickjackingPlatforms Affected:Schweitzer Engineering Laboratories SEL-411LRisk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Schweitzer Engineering Laboratories SEL-411L could allow a remote attacker...
Schweitzer Engineering Laboratories SEL-411L cross-site scripting | CVE-2023-2266
NAME__________Schweitzer Engineering Laboratories SEL-411L cross-site scriptingPlatforms Affected:Schweitzer Engineering Laboratories SEL-411LRisk Level:4.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Schweitzer Engineering Laboratories SEL-411L is vulnerable to cross-site...
PTC KEPServerEX, ThingWorx, and OPC-Aggregator information disclosure | CVE-2023-5909
NAME__________PTC KEPServerEX, ThingWorx, and OPC-Aggregator information disclosurePlatforms Affected:PTC ThingWorx Kepware Server 8.0 PTC ThingWorx Industrial Connectivity 8.0 PTC OPC-Aggregator 6.14...
Apple Safari, macOS Sonoma, iOS and iPadOS information disclosure | CVE-2023-42916
NAME__________Apple Safari, macOS Sonoma, iOS and iPadOS information disclosurePlatforms Affected:Apple Safari 17.1.1 Apple iOS 17.1.1 Apple iPadOS 17.1.1 Apple macOS...
Schweitzer Engineering Laboratories SEL-411L code execution | CVE-2023-2264
NAME__________Schweitzer Engineering Laboratories SEL-411L code executionPlatforms Affected:Schweitzer Engineering Laboratories SEL-411LRisk Level:4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Schweitzer Engineering Laboratories SEL-411L could allow a local...
Hunters International Ransomware Victim: Builders Hardware and Hollow Metal, Inc[.]
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Hunters International Ransomware Victim: IDESA group, S[.]A[.] De C[.]V[.]
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Hunters International Ransomware Victim: Dr[.] Jaime Schwartz MD, FACS
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Hunters International Ransomware Victim: Garr Silpe, P[.]C[.]
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Hunters International Ransomware Victim: THK Co[.], Ltd[.]
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
