
173 matches found

RedhatCVE
added 2025/05/23 5:40 a.m. | 3 views

CVE-2023-0524

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue...

CVSS 8.8 | AI score 7.5 | EPSS 0.00164
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:8 p.m. | 3 views

CVE-2021-45099

The addon.stdin service in addon-ssh aka Home Assistant Community Add-on: SSH & Web Terminal before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against...

CVSS 8.8 | AI score 6.8 | EPSS 0.00397
Exploits: 1

RedhatCVE
added 2025/05/22 8:12 p.m. | 3 views

CVE-2021-39643

In icstartRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

CVSS 6.7 | AI score 7.1 | EPSS 0.00017
Exploits: 0 | References: 1

OpenVAS
added 2024/12/11 12:0 a.m. | 11 views

Microsoft Project 2016 Defense in Depth Update (KB5002652)

This host is missing a critical security update according to Microsoft KB5002652 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 7.2
Exploits: 0 | References: 2

Tenable Nessus
added 2024/12/10 12:0 a.m. | 4 views

Defense-in-Depth Security Updates for Microsoft Project (December 2024)

The Microsoft Project products are missing defense-in-depth security updates to help improve security-related features. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc...

AI score 5.5
Exploits: 0 | References: 2

Tenable Nessus
added 2024/11/15 12:0 a.m. | 1 views

Defense-in-Depth Security Updates for Microsoft SharePoint Server Subscription Edition (November 2024)

The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing defense-in-depth security updates to help improve security-related features. %NASLMINLEVEL 70300 C Tenable, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid211459;...

AI score 5.6
Exploits: 0 | References: 1

Microsoft KB
added 2024/11/12 8:0 a.m. | 13 views

Description of the security update for SharePoint Enterprise Server 2016: November 12, 2024 (KB5002654)

Description of the security update for SharePoint Enterprise Server 2016: November 12, 2024 KB5002654 Summary This security update for SharePoint Server provides defense-in-depth updates to help improve security-related features. To learn more about the updates, see Microsoft Advisory ADV240001...

AI score 6.9
Exploits: 0

Microsoft KB
added 2024/11/12 8:0 a.m. | 24 views

Description of the security update for SharePoint Server Subscription Edition: November 12, 2024 (KB5002651)

Description of the security update for SharePoint Server Subscription Edition: November 12, 2024 KB5002651 Summary This security update for SharePoint Server provides defense-in-depth updates to help improve security-related features. To learn more about the updates, see Microsoft Advisory...

AI score 6.8
Exploits: 0

Microsoft KB
added 2024/11/12 8:0 a.m. | 19 views

Description of the security update for SharePoint Server 2019: November 12, 2024 (KB5002650)

Description of the security update for SharePoint Server 2019: November 12, 2024 KB5002650 Summary This security update for SharePoint Server provides defense-in-depth updates to help improve security-related features. To learn more about the updates, see Microsoft Advisory ADV240001. Notes: This...

AI score 6.8
Exploits: 0

ICS
added 2024/08/01 6:0 a.m. | 38 views

AVTECH IP camera

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : AVTECH SECURITY Corporation Equipment : IP camera Vulnerability : Command Injection 2. RISK EVALUATION Successful exploitation of this...

CVSS 9.8 | AI score 9.7 | EPSS 0.92967
Exploits: 5 | References: 10

ICS
added 2024/07/11 12:0 p.m. | 54 views

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of...

CVSS 9.8 | AI score 9.9 | EPSS 0.94397
Exploits: 7 | References: 106

ICS
added 2024/07/09 6:0 a.m. | 14 views

Johnson Controls Illustra Pro Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : Illustra Pro Gen 4 Vulnerability : Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality...

CVSS 7 | AI score 6.4 | EPSS 0.00657
Exploits: 0 | References: 10

Wiz blog
added 2024/06/12 5:3 p.m. | 19 views

Custom runtime rules and runtime response policies: new layers of defense

Wiz's custom runtime rules and runtime response policies add new layers to your defense-in-depth strategy...

AI score 7.2
Exploits: 0

ICS
added 2024/05/30 6:0 a.m. | 31 views

Inosoft VisiWin

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity/public exploits are available Vendor : Inosoft Equipment : VisiWin Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM...

CVSS 7.8 | AI score 8 | EPSS 0.00093
Exploits: 4 | References: 10

The Hacker News
added 2024/04/25 11:13 a.m. | 66 views

Network Threats: A Step-by-Step Attack Demonstration

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally...

AI score 8
Exploits: 0

ICS
added 2024/03/05 7:0 a.m. | 25 views

Santesoft Sante FFT Imaging

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Santesoft Equipment : Sante FFT Imaging Vulnerability : Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code once a user...

CVSS 7.8 | AI score 7.8 | EPSS 0.00075
Exploits: 0 | References: 8

ICS
added 2024/02/13 12:0 a.m. | 32 views

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.5 | AI score 6.7 | EPSS 0.00242
Exploits: 0 | References: 12

The Hacker News
added 2024/01/26 11:4 a.m. | 25 views

Perfecting the Defense-in-Depth Strategy with Automation

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern...

AI score 7.1
Exploits: 0

Wordfence Blog
added 2023/09/13 3:15 p.m. | 11 views

Malware Scanning: An Essential Layer of Website Security

Wordfence recently launched Wordfence CLI, a high performance command line malware scanner, which makes use of our extensive set of malware detection signatures to rapidly scan file systems for infections. In recent years, the WordPress community has seen a shift in emphasis towards prevention,...

AI score 7.7
Exploits: 0

ICS
added 2023/08/24 6:0 a.m. | 33 views

KNX Protocol

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: KNX Association Equipment: KNX devices using KNX Connection Authorization Vulnerability: Overly Restrictive Account Lockout Mechanism 2. RISK EVALUATION Successful exploitation...

CVSS 7.5 | AI score 7.8 | EPSS 0.00059
Exploits: 0 | References: 8