Top 9 Compliance Automation Software in 2024
By Uzair Amir Simplify compliance with these leading software solutions. Discover features like automated evidence collection, risk assessment, and real-time reporting. Find the perfect fit for your startup or large enterprise. This is a post from HackRead.com Read the original post: Top 9...
7.4AI Score
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text...
7.5CVSS
6.1AI Score
0.0004EPSS
Ecava IntegraXor, a suite of tools targeting factory and process automation solutions, is installed on the remote Windows...
2.3AI Score
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...
4.7CVSS
7.2AI Score
0.0004EPSS
Exploit for Command Injection in Tp-Link Tapo C200 Firmware
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)...
9.8CVSS
8.5AI Score
0.251EPSS
Summary IBM Event Streams are vulnerable in terms of both confidentiality and integrity. Multiple Java components within IBM Event Streams are susceptible to these vulnerabilities, enabling remote attackers to execute malicious actions through these components. Vulnerability Details ** CVEID:...
7.4CVSS
7.1AI Score
0.001EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
4.7CVSS
4.6AI Score
0.0004EPSS
Issue Overview: 2024-05-09: CVE-2022-33196 was added to this advisory. Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network...
7.5CVSS
7.2AI Score
0.0004EPSS
A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...
6.5CVSS
6.3AI Score
0.0004EPSS
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment...
5.4CVSS
5.9AI Score
0.001EPSS
FreeBSD : R -- arbitrary code execution vulnerability (4a1e2bad-0836-11ef-9fd2-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a1e2bad-0836-11ef-9fd2-1c697a616631 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any...
8.8CVSS
7.1AI Score
0.0004EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
6CVSS
6AI Score
0.0004EPSS
Siemens TIA Administrator Detection
The remote host is running Siemens TIA (Totally Integrated Automation) Administrator. This software is used to manage Siemens TIA...
2.3AI Score
CVE-2023-22515 Exploit Script 🔐 This script is designed to...
9.8CVSS
9.8AI Score
0.973EPSS
Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
8.2CVSS
6.9AI Score
0.0005EPSS
Summary IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component. The follow-redirect library is employed in event streams to seamlessly manage HTTP redirects, ensuring smooth navigation between resources...
7.5CVSS
8.5AI Score
0.732EPSS
7.4AI Score
Ivanti EPM Cloud Services Appliance Code Injection
Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions...
9.8CVSS
9.6AI Score
0.971EPSS
Jenkins LTS < 2.277.2 / Jenkins weekly < 2.287 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.277.2 or Jenkins weekly prior to 2.287. It is, therefore, affected by multiple vulnerabilities: Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not...
6.5CVSS
5.2AI Score
0.001EPSS
Exploit for Command Injection in Tp-Link Archer Ax21 Firmware
Description CVE-2023–1389 is an Unauthenticated Command...
8.8CVSS
7.7AI Score
0.069EPSS
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
7.4AI Score
0.002EPSS
CVE-2022-21449-TLS-PoC CVE-2022-21449 ([also dubbed Psychic...
7.5CVSS
7.5AI Score
0.001EPSS
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...
4.3CVSS
4.9AI Score
0.0004EPSS
7.3AI Score
Microsoft SQL Server Command Execution
This module will execute a Windows command on a MSSQL/MSDE instance via the xp_cmdshell (default) or the sp_oacreate procedure (more opsec safe, no output, no temporary data table). A valid username and password is required to use this...
7.7AI Score
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit...
6.1CVSS
6.7AI Score
0.0004EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
7.9CVSS
7.6AI Score
0.0004EPSS
MovableType - Remote Command Injection
MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via...
9.8CVSS
9.7AI Score
0.97EPSS
WordPress BulletProof Security 5.1 Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up....
5.3CVSS
4.9AI Score
0.248EPSS
Apache APISIX - Remote Code Execution
A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port...
9.8CVSS
9.6AI Score
0.974EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 An Vulnerability detection and Mass...
9.8CVSS
9.7AI Score
0.938EPSS
Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this....
7.2CVSS
7.5AI Score
0.0005EPSS
RuggedCom RuggedOS < 3.12.1 Web UI Multiple Security Vulnerabilities
According to its self-reported version, the RuggedCom RuggedOS (ROS) Web UI is affected by multiple vulnerabilities, some of which could allow a remote attacker to gain administrative access to the...
4.8AI Score
Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
6.5AI Score
0.0004EPSS
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature...
7.5CVSS
7.6AI Score
0.001EPSS
7.5CVSS
8.2AI Score
0.958EPSS
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not...
5.3CVSS
7.1AI Score
0.001EPSS
Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the...
8.8CVSS
9AI Score
0.0005EPSS
Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported version, is a version containing multiple vulnerabilities, including the following: Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard...
9.8CVSS
3.5AI Score
0.003EPSS
This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...
8.8CVSS
7.3AI Score
0.001EPSS
A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...
4.7CVSS
5AI Score
0.0004EPSS
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...
8.6CVSS
7.1AI Score
0.001EPSS
undici is an HTTP/1.1 client, written from scratch for Node.js.=< [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import { request } from 'undici' const...
5.3CVSS
5.2AI Score
0.001EPSS
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via...
5.4CVSS
6AI Score
0.001EPSS
Exploit for OS Command Injection in Tp-Link Tl-Wr840N Firmware
CVE-2022-25064 TP-LINK TL-WR840N RCE via the function...
9.8CVSS
10AI Score
0.012EPSS
Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local...
5.5CVSS
6.4AI Score
0.0004EPSS
Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)
Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....
6.2CVSS
7.3AI Score
0.0005EPSS
StruxureWare SCADA Expert ClearSCADA Detection
StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA), a suite of tools targeting factory and process automation solutions, is installed on the remote Windows...
2.7AI Score
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...
6.5CVSS
6.4AI Score
0.001EPSS