βΌ CVE-2022-1948 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22648 βΌ
π Read
via "National Vulnerability Database".
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.π Read
via "National Vulnerability Database".
βΌ CVE-2016-2138 βΌ
π Read
via "National Vulnerability Database".
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27509 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated redirection to a malicious websiteπ Read
via "National Vulnerability Database".
βΌ CVE-2022-35882 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2553 βΌ
π Read
via "National Vulnerability Database".
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22642 βΌ
π Read
via "National Vulnerability Database".
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.π Read
via "National Vulnerability Database".
βΌ CVE-2016-2139 βΌ
π Read
via "National Vulnerability Database".
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.π Read
via "National Vulnerability Database".
π΄ What the White House's Cybersecurity Workforce Plan Should Look Like π΄
π Read
via "Dark Reading".
By embracing cybersecurity as a critical part of our national security and education strategy, and working together to invest in opportunities for all, we can create a safer, more secure world.π Read
via "Dark Reading".
Dark Reading
What the White House's Cybersecurity Workforce Plan Should Look Like
By embracing cybersecurity as a critical part of our national security and education strategy, and working together to invest in opportunities for all, we can create a safer, more secure world.
β Threat Actors Pivot Around Microsoftβs Macro-Blocking in Office β
π Read
via "Threat Post".
Cybercriminals turn to container files and other tactics to get around the companyβs attempt to thwart a popular way to deliver malicious phishing payloads.π Read
via "Threat Post".
Threat Post
Threat Actors Pivot Around Microsoftβs Macro-Blocking in Office
Cybercriminals turn to container files and other tactics to get around the companyβs attempt to thwart a popular way to deliver malicious phishing payloads.
π€1
βΌ CVE-2016-6324 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2016-4452 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2016-7049 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2016-4991 βΌ
π Read
via "National Vulnerability Database".
Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0.π Read
via "National Vulnerability Database".
βΌ CVE-2016-2101 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2016-5428 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2016-5415 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2016-6326 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30313 βΌ
π Read
via "National Vulnerability Database".
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000/TCP), Safety Builder (51010/TCP). The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller files, Manipulate IO. The Honeywell Experion PKS Distributed Control System (DCS) Safety Manager utilizes several proprietary protocols for a wide variety of functionality, including process data acquisition, controller steering and configuration management. These protocols include: Experion TCP (51000/TCP) and Safety Builder (51010/TCP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocols in question. An attacker capable of invoking the protocols' functionalities could achieve a wide range of adverse impacts, including (but not limited to), the following: for Experion TCP (51000/TCP): Issue IO manipulation commands, Issue file read/write commands; and for Safety Builder (51010/TCP): Issue controller start/stop commands, Issue logic download/upload commands, Issue file read commands, Issue system time change commands. A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30314 βΌ
π Read
via "National Vulnerability Database".
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054).π Read
via "National Vulnerability Database".
βΌ CVE-2016-4458 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.π Read
via "National Vulnerability Database".