🕴 CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks 🕴
via "Dark Reading".
Omdia Senior Analyst Hollie Hennessy says the new threat to multiple ICS and SCADA devices underscores the importance of a rapid response to IoT and OT security risks.
‼ CVE-2021-42230 ‼
via "National Vulnerability Database".
Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter.
‼ CVE-2022-27849 ‼
via "National Vulnerability Database".
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
‼ CVE-2022-21159 ‼
via "National Vulnerability Database".
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.
‼ CVE-2022-23865 ‼
via "National Vulnerability Database".
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter.
‼ CVE-2022-29268 ‼
via "National Vulnerability Database".
Bitrix through 7.5.0 allows remote attackers to execute arbitrary code by using the restore.php Upload From Local Disk feature.
‼ CVE-2022-27852 ‼
via "National Vulnerability Database".
Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5
‼ CVE-2022-26594 ‼
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
‼ CVE-2021-36828 ‼
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs.
‼ CVE-2022-27258 ‼
via "National Vulnerability Database".
Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allow a remote attacker to include arbitrary web script or HTML via the rpath parameter.
‼ CVE-2022-27850 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.
‼ CVE-2022-27851 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key.
‼ CVE-2021-36205 ‼
via "National Vulnerability Database".
Under certain circumstances the session token is not cleared on logout.
‼ CVE-2022-28109 ‼
via "National Vulnerability Database".
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.
🕴 Cloud Cost, Reliability Raise IT Concerns 🕴
via "Dark Reading".
IT professionals worry most about cloud security, but other questions arise about training, functionality, and performance.
‼ CVE-2022-26904 ‼
via "National Vulnerability Database".
Windows User Profile Service Elevation of Privilege Vulnerability.
‼ CVE-2022-26907 ‼
via "National Vulnerability Database".
Azure SDK for .NET Information Disclosure Vulnerability.
‼ CVE-2022-24544 ‼
via "National Vulnerability Database".
Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24486.
‼ CVE-2022-24541 ‼
via "National Vulnerability Database".
Windows Server Service Remote Code Execution Vulnerability.
‼ CVE-2022-26914 ‼
via "National Vulnerability Database".
Win32k Elevation of Privilege Vulnerability.
‼ CVE-2022-23257 ‼
via "National Vulnerability Database".
Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537.