Month: December 2023

News

US-CERT Vulnerability Summary for the Week of November 20, 2023

December 3, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and...

Akira Ransomware Victim: Bern Hotels & Resort s

December 3, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

SimpleSAMLphp xml-security security bypass | CVE-2023-49087

December 3, 2023

NAME__________SimpleSAMLphp xml-security security bypassPlatforms Affected:SimpleSAMLphp xml-security 5.0.0-alpha.12 SimpleSAMLphp xml-security 1.6.11Risk Level:6.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________SimpleSAMLphp xml-security could allow a remote attacker to...

Perl code execution | CVE-2023-47039

December 3, 2023

NAME__________Perl code executionPlatforms Affected:Perl Perl 5.34.0 Perl Perl 5.36.0 Perl Perl 5.38.0Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Perl could allow a local authenticated...

Yokogawa STARDOM denial of service | CVE-2023-5915

December 3, 2023

NAME__________Yokogawa STARDOM denial of servicePlatforms Affected:Yokogawa STARDOM FCN/FCJ R1.01 Yokogawa STARDOM FCN/FCJ R4.31Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Yokogawa STARDOM is vulnerable...

Pimcore Customer Management Framework cross-site request forgery | CVE-2023-49076

December 3, 2023

NAME__________Pimcore Customer Management Framework cross-site request forgeryPlatforms Affected:Pimcore Customer Management Framework 4.0.4Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Pimcore Customer Management Framework is vulnerable...

Perl buffer overflow | CVE-2023-47038

December 3, 2023

NAME__________Perl buffer overflowPlatforms Affected:Perl Perl 5.34.0 Perl Perl 5.36.0 Perl Perl 5.38.0Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Perl is vulnerable to a heap-based...

Sentry Symbolicator server-side request forgery | CVE-2023-49094

December 3, 2023

NAME__________Sentry Symbolicator server-side request forgeryPlatforms Affected:Sentry Symbolicator 0.3.3 Sentry Symbolicator 23.11.1Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Sentry Symbolicator is vulnerable to server-side request...

ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49701

December 3, 2023

NAME__________ASR ASR1803 and ASR1806 Chipsets code executionPlatforms Affected:ASR ASR1803 ASR ASR1806Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ASR ASR1803 and ASR1806 Chipsets could allow...

Catalis CMS360 information disclosure | CVE-2023-6341

December 3, 2023

NAME__________Catalis CMS360 information disclosurePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Catalis CMS360 could allow a remote attacker to obtain sensitive information, caused by...

Henschen & Associates court document management software information disclosure | CVE-2023-6376

December 3, 2023

NAME__________Henschen & Associates court document management software information disclosurePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Henschen & Associates court document management software could...

ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49700

December 3, 2023

NAME__________ASR ASR1803 and ASR1806 Chipsets code executionPlatforms Affected:ASR ASR1803 ASR ASR1806Risk Level:6.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ASR ASR1803 and ASR1806 Chipsets are vulnerable...

Schweitzer Engineering Laboratories SEL-411L information disclosure | CVE-2023-2267

December 3, 2023

NAME__________Schweitzer Engineering Laboratories SEL-411L information disclosurePlatforms Affected:Schweitzer Engineering Laboratories SEL-411LRisk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Schweitzer Engineering Laboratories SEL-411L could allow a remote...

ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49699

December 3, 2023

Schweitzer Engineering Laboratories SEL-411L clickjacking | CVE-2023-2265

December 3, 2023

NAME__________Schweitzer Engineering Laboratories SEL-411L clickjackingPlatforms Affected:Schweitzer Engineering Laboratories SEL-411LRisk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Schweitzer Engineering Laboratories SEL-411L could allow a remote attacker...

Schweitzer Engineering Laboratories SEL-411L cross-site scripting | CVE-2023-2266

December 3, 2023

NAME__________Schweitzer Engineering Laboratories SEL-411L cross-site scriptingPlatforms Affected:Schweitzer Engineering Laboratories SEL-411LRisk Level:4.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Schweitzer Engineering Laboratories SEL-411L is vulnerable to cross-site...

PTC KEPServerEX, ThingWorx, and OPC-Aggregator information disclosure | CVE-2023-5909

December 3, 2023

NAME__________PTC KEPServerEX, ThingWorx, and OPC-Aggregator information disclosurePlatforms Affected:PTC ThingWorx Kepware Server 8.0 PTC ThingWorx Industrial Connectivity 8.0 PTC OPC-Aggregator 6.14...

Apple Safari, macOS Sonoma, iOS and iPadOS information disclosure | CVE-2023-42916

December 3, 2023

NAME__________Apple Safari, macOS Sonoma, iOS and iPadOS information disclosurePlatforms Affected:Apple Safari 17.1.1 Apple iOS 17.1.1 Apple iPadOS 17.1.1 Apple macOS...

Schweitzer Engineering Laboratories SEL-411L code execution | CVE-2023-2264

December 3, 2023

NAME__________Schweitzer Engineering Laboratories SEL-411L code executionPlatforms Affected:Schweitzer Engineering Laboratories SEL-411LRisk Level:4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Schweitzer Engineering Laboratories SEL-411L could allow a local...

Month: December 2023

US-CERT Vulnerability Summary for the Week of November 20, 2023

Akira Ransomware Victim: Bern Hotels & Resort s

SimpleSAMLphp xml-security security bypass | CVE-2023-49087

Perl code execution | CVE-2023-47039

Yokogawa STARDOM denial of service | CVE-2023-5915

Pimcore Customer Management Framework cross-site request forgery | CVE-2023-49076

Perl buffer overflow | CVE-2023-47038

Sentry Symbolicator server-side request forgery | CVE-2023-49094

ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49701

Catalis CMS360 information disclosure | CVE-2023-6341

Henschen & Associates court document management software information disclosure | CVE-2023-6376

ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49700

Schweitzer Engineering Laboratories SEL-411L information disclosure | CVE-2023-2267

ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49699

Schweitzer Engineering Laboratories SEL-411L clickjacking | CVE-2023-2265

Schweitzer Engineering Laboratories SEL-411L cross-site scripting | CVE-2023-2266

PTC KEPServerEX, ThingWorx, and OPC-Aggregator information disclosure | CVE-2023-5909

Apple Safari, macOS Sonoma, iOS and iPadOS information disclosure | CVE-2023-42916

Schweitzer Engineering Laboratories SEL-411L code execution | CVE-2023-2264

Hunters International Ransomware Victim: Builders Hardware and Hollow Metal, Inc[.]

Hunters International Ransomware Victim: IDESA group, S[.]A[.] De C[.]V[.]

Hunters International Ransomware Victim: Dr[.] Jaime Schwartz MD, FACS

Hunters International Ransomware Victim: Garr Silpe, P[.]C[.]

Hunters International Ransomware Victim: THK Co[.], Ltd[.]

[HUNTERS] – Ransomware Victim: Dorner Law & Title Services

[AKIRA] – Ransomware Victim: H2OBX Waterpark

[AKIRA] – Ransomware Victim: HUTTER ACUSTIX

[AKIRA] – Ransomware Victim: Hager Group

[AKIRA] – Ransomware Victim: Travis Pruitt & Associates

You may have missed