Lucene search
K

289 matches found

ICS
ICS
added 2023/01/12 12:0 a.m.29 views

Hitachi Energy Lumada APM

1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Lumada APM Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to any...

7.1CVSS6.3AI score0.00372EPSS
Exploits0References3
Wiz blog
Wiz blog
added 2023/01/05 5:0 p.m.16 views

Lateral movement risks in the cloud and how to prevent them – Part 2: from compromised container to cloud takeover

In this second blog post, we will discuss lateral movement risks from Kubernetes to the cloud. We will explain attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environments and mitigate risk...

6.9AI score
Exploits0
ICS
ICS
added 2022/12/20 12:0 a.m.40 views

Delta 4G Router DX-3021

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor : Delta Industrial Automation Equipment: 4G Router DX-3021 Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to...

9.1CVSS8.8AI score0.04757EPSS
Exploits1References4
Imperva Blog
Imperva Blog
added 2022/11/29 12:8 p.m.23 views

The 5 Core Principles of the Zero-Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero-trust model, every organization should be actively moving in that...

0.1AI score
Exploits0
NVD
NVD
added 2022/11/01 9:15 p.m.27 views

CVE-2022-27584

Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby...

9.8CVSS0.01235EPSS
Exploits0References1
Prion
Prion
added 2022/11/01 9:15 p.m.21 views

Design/Logic Flaw

Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby...

7.5CVSS9.6AI score0.01235EPSS
Exploits0References1
CVE
CVE
added 2022/11/01 12:0 a.m.65 views

CVE-2022-27584

The CVE-2022-27584 entry describes a password recovery vulnerability in SICK SIM2000ST (Partnumber 1080579) where an unprivileged, remote attacker can invoke the password recovery mechanism to gain access at RecoverableUserLevel, increasing privileges and impacting confidentiality, integrity, and...

9.8CVSS9.6AI score0.01235EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/01 12:0 a.m.45 views

CVE-2022-27582

CVE-2022-27582 affects SICK SIM4000 (PPC) Partnumber 1078787, with versions <= 1.10.1. A password recovery mechanism allows an unprivileged remote attacker to gain access to the user level RecoverableUserLevel, resulting in privilege elevation and impact to confidentiality, integrity, and avai...

9.8CVSS9.6AI score0.01235EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.25 views

CVE-2022-27582

Password recovery vulnerability in SICK SIM4000 PPC Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and there...

9.9AI score0.01235EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.32 views

CVE-2022-27584

Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby...

9.9AI score0.01235EPSS
Exploits0References1
OSV
OSV
added 2022/10/27 6:36 p.m.24 views

GHSA-3FH5-Q6FG-W28Q Prototype pollution in Snowboard framework

Impact The Snowboard framework in affected versions is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. Patches This issue has been patched in https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1 for 1.2 and...

8.1CVSS8.9AI score0.01027EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/10/27 6:36 p.m.26 views

Prototype pollution in Snowboard framework

Impact The Snowboard framework in affected versions is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. Patches This issue has been patched in https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1 for 1.2 and...

9.8CVSS9AI score0.01027EPSS
Exploits0References7Affected Software1
ICS
ICS
added 2022/10/27 12:0 a.m.31 views

Trihedral VTScada

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Trihedral Equipment: VTScada Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition in the affected product...

7.5CVSS7.9AI score0.00663EPSS
Exploits0References5
OSV
OSV
added 2022/10/26 12:0 a.m.27 views

CVE-2022-39357 Winter vulnerable to Prototype Pollution in Snowboard framework

Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it do...

8.1CVSS9AI score0.01027EPSS
Exploits0References7
ICS
ICS
added 2022/08/30 12:0 a.m.57 views

Hitachi Energy MSM Product

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MSM Product Vulnerability: Reliance on Uncontrolled Component 2. RISK EVALUATION Successful exploitation of this vulnerability could disrupt the functionality of the MSM web...

9.1CVSS8.8AI score0.2258EPSS
Exploits3References5
ICS
ICS
added 2022/08/11 12:0 a.m.52 views

Emerson ROC800, ROC800L and DL8000

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: High attack complexity Vendor: Emerson Equipment: ROC800, ROC800L and DL8000 Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational...

9.8CVSS9.8AI score0.0042EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2022/07/13 6:4 a.m.43 views

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel XLM 4.0 to trick...

1.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/07/08 12:56 p.m.21 views

Fundamental Security Concepts and Best Practices Every Game Developer Should Know

Gaming is now the world’s favorite form of entertainment, with Newzoo reporting that by 2023 there will be more than three billion gamers across the planet. With the growth of multiplayer games, however, the number of cheaters has also increased. A study by The New York Times found that almost 50...

7.5AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/06/23 4:0 p.m.27 views

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/26 8:3 a.m.26 views

Twitter Fined $150 Million for Misusing Users' Data for Advertising Without Consent

Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission FTC to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty...

0.5AI score
Exploits0
Rows per page
Query Builder