
1001 matches found

Qualys Blog
added 2023/06/08 9:12 p.m., 17 views

Empower Your Security Team With Our Robust Script Library

Introduction: Qualys Custom Assessment and Remediation (CAR) lets you leverage the same Qualys Cloud Agent for custom detection and remediation measures. Yes, the same agent you rely on for VMDR, Patch Management, Policy Compliance, EDR, or FIM can now be used for custom detection and response...

AI score: 7.2
Exploits: 0
Schneier on Security
added 2023/06/05 11:14 a.m., 10 views

The Software-Defined Car

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go...

AI score: 7.3
Exploits: 0
OSV
added 2023/06/02 4:15 a.m., 1 view

CVE-2022-45938

An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation...

CVSS: 9, AI score: 5.9, EPSS: 0.4611
Exploits: 1, References: 2
Prion
added 2023/06/02 4:15 a.m., 13 views

Privilege escalation

An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation...

CVSS: 6, AI score: 8.9, EPSS: 0.4611
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2023/06/02 12:0 a.m., 19 views

CVE-2022-45938

An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation...

AI score: 9.2, EPSS: 0.4611
Exploits: 1, References: 2
CNNVD
added 2023/06/02 12:0 a.m., 2 views

Comcast Defined Technologies microeisbss Cross-Site Scripting Vulnerability

Comcast Defined Technologies microeisbss is a Comcast Defined Technologies USB specification that is used by smartphones, tablets, digital cameras, and more. A security vulnerability exists in Comcast Defined Technologies microeisbss version 2021 and earlier versions. An attacker could exploit th...

CVSS: 9, AI score: 8.1, EPSS: 0.4611
Exploits: 1, References: 3
Vulnrichment
added 2023/06/02 12:0 a.m., 7 views

CVE-2022-45938

An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation...

AI score: 6.6, EPSS: 0.4611
Exploits: 1, References: 2
CVE
added 2023/06/02 12:0 a.m., 53 views

CVE-2022-45938

CVE-2022-45938 affects Comcast Defined Technologies microeisbss (through 2021). A stored XSS in the Device ID field under Inventory Management can lead to Remote Code Execution and privilege escalation. Multiple sources corroborate the impact (RCE and privilege escalation) and indicate the issue ...

CVSS: 9, AI score: 8.9, EPSS: 0.4611
Exploits: 1, References: 2, Affected Software: 1
ATTACKERKB
added 2023/05/30 3:15 p.m., 1 view

CVE-2023-2983

Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00919
Exploits: 1, References: 3
Prion
added 2023/05/30 3:15 p.m., 11 views

Privilege escalation

Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23...

CVSS: 4.7, AI score: 8.8, EPSS: 0.00919
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2023/05/09 12:0 a.m., 19 views

Siemens SICAM P850 and P855 Devices Session Fixation (CVE-2022-40226)

A vulnerability has been identified in SICAM P850 All versions V3.10, SICAM P855 All versions V3.10. Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login. This plug...

CVSS: 8.1, AI score: 7.5, EPSS: 0.00638
Exploits: 0, References: 3
CNNVD
added 2023/04/20 12:0 a.m., 3 views

Open Networking Foundation ONOS Resource Management Error Vulnerability

Open Networking Foundation ONOS is an open source SDN controller from the Open Networking Foundation for building next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS version 2.5.1 that stems from a request to clear intents retained in a...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00856
Exploits: 1, References: 3
CNNVD
added 2023/04/20 12:0 a.m., 4 views

Open Networking Foundation ONOS Security Vulnerability

Open Networking Foundation ONOS is an open source SDN controller from the Open Networking Foundation. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS version 2.5.1, which stems from a problem with the intents...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00758
Exploits: 1, References: 3
Japan Vulnerability Notes
added 2023/04/18 4:58 a.m., 4 views

Security Issues in FINS protocol

Overview: FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of Omron products. FINS commands enable to read/write information, conduct various operations and set the...

CVSS: 9.8, AI score: 7.3, EPSS: 0.01385
Exploits: 1, References: 15
Tenable Nessus
added 2023/04/17 12:0 a.m., 34 views

SAP NetWeaver AS Java Multiple Vulnerabilities (April 2023)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to...

CVSS: 9.9, AI score: 6.5, EPSS: 0.0102
Exploits: 0, References: 5
CNNVD
added 2023/03/23 12:0 a.m., 19 views

Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability

Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco. A security vulnerability exists in Cisco SD-WAN vManage Software due to insufficient CSRF protection in the web-based management interface on affected systems...

CVSS: 8.1, AI score: 7.7, EPSS: 0.00261
Exploits: 0, References: 2
Prion
added 2023/03/13 1:15 p.m., 22 views

Heap overflow

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient...

CVSS: 7.5, AI score: 9.6, EPSS: 0.01014
Exploits: 0, References: 6
CNNVD
added 2023/03/13 12:0 a.m., 3 views

SAMSUNG Mobile Chipset Buffer Error Vulnerability

SAMSUNG Mobile Chipset is a series of chips from the South Korean company Samsung (SAMSUNG). SAMSUNG Mobile Chipset and Baseband Modem Chipset's Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, and Exynos W920 have a buffer erro...

CVSS: 9.8, AI score: 8.8, EPSS: 0.01014
Exploits: 0, References: 7
CNNVD
added 2023/03/01 12:0 a.m., 5 views

Aruba Networks ArubaOS Command Injection Vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an authenticated command injection vulnerability i...

CVSS: 7.2, AI score: 7.1, EPSS: 0.01538
Exploits: 0, References: 2
CNNVD
added 2023/03/01 12:0 a.m., 2 views

Aruba Networks ArubaOS Command Injection Vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an authenticated command injection vulnerability i...

CVSS: 7.2, AI score: 7.1, EPSS: 0.01538
Exploits: 0, References: 2