7 matches found
CVE-2022-28291
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an...
CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB)...
Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
Intel has halted patches for an array of older chips that would protect them against the Spectre vulnerability, according to a recent microcode update. The microcode update shows that its older products – including Wolfdale, Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, SoFIA 3GR,...
Secure Elements Class 5 AVR server fails to validate source address of messages
Overview: The Secure Elements Class 5 AVR server fails to validate the source address of messages it receives. This may allow an attacker to forge messages to the server. Description: Class 5 AVR: Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security product that monitors and...
Secure Elements Class 5 AVR server fails to properly enforce access controls on console operations
Overview: The Secure Elements Class 5 AVR server fails to properly enforce access controls on console operations. This may allow a remote attacker to gain unauthorized administrative access to a server. Description: Class 5 AVR: Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a...
Secure Elements Class 5 AVR server fails to properly validate pathnames when downloading updates
Overview: The Secure Elements Class 5 AVR server fails to properly validate pathnames when downloading updates. This may allow an attacker to overwrite arbitrary files on the server system. Description: Class 5 AVR: Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security produc...
Secure Elements Class 5 AVR client fails to properly validate a message's target CEID
Overview: The Secure Elements Class 5 AVR client fails to properly validate a message's target CEID. This makes attacks easier, as the attacker does not need to guess the victim's true CEID. Description: Class 5 AVR: Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security produ...