Security CERT Global
- Aktivister sender bølger af DDoS-angreb mod Sverige
- Sårbarheder i ArubaOS
- All-in-One Video Gallery Plugin Authenticated Arbitrary File Upload vulnerability (CVE-2024-4033)
- Code Execution Vulnerability on NVIDIA Triton Inference Server for Linux (CVE-2024-0087)
- Remote code vulnerabilities in Xiaomi Pro 13 smartphone (CVE-2024-4406, CVE-2024-4405, CVE-2023-26322)
- UPDATE ALERT GitLab Community Edition (CE) and GitLab Enterprise Edition (EE): CVSS (Max): 10.0
- nodejs:16: CVSS (Max): 7.5
- chromium: CVSS (Max): None
- OpenShift Container Platform 4.15.11: CVSS (Max): 4.3
- Red Hat Ceph Storage 6.1: CVSS (Max): 8.1
- CyberPower PowerPanel: CVSS (Max): 9.8
- cosign: CVSS (Max): 4.2
- Migration Toolkit for Containers (MTC) 1.7.15: CVSS (Max): 5.9
- PHP: CVSS (Max): 6.5
- Google Chrome: CVSS (Max): None
- OpenJDK 11.0.23: CVSS (Max): 3.7
- Firefox: CVSS (Max): 7.5*
- Delta Electronics DIAEnergie: CVSS (Max): 8.8
- kernel: CVSS (Max): 6.7
- OpenShift Container Platform 4.13.41: CVSS (Max): 8.6
- GNU C Library: CVSS (Max): 9.8
- libxml2: CVSS (Max): 7.5
- OpenShift Container Platform 4.14.23: CVSS (Max): 4.3
- podman: CVSS (Max): 8.6
- rhceph-6.1 container image: CVSS (Max): 7.5
- CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
- CISA Releases Three Industrial Control Systems Advisories
- Delta Electronics DIAEnergie
- CyberPower PowerPanel
- Flera kritiska sårbarheter i produkter från Aruba Networks
- CERTFR-2024-AVI-0357 : Multiples vulnérabilités dans Cisco IP Phone (02 mai 2024)
- CERTFR-2024-AVI-0359 : Multiples vulnérabilités dans les produits HPE Aruba Networking (02 mai 2024)
- CERTFR-2024-AVI-0358 : Multiples vulnérabilités dans Google Chrome (02 mai 2024)
- CERTFR-2024-AVI-0360 : Multiples vulnérabilités dans dans SonicWall GMS (02 mai 2024)
- Kritische Sicherheitslücken in ArubaOS - Updates verfügbar
- HPE (Hewlett Packard Enterprise) Aruba Networking retter fire kritiske RCE-fejl i ArubaOS
- HPE (Hewlett Packard Enterprise) Aruba Networking retter fire kritiske RCE-fejl i ArubaOS
- IBM MQ for HPE NonStop: CVSS (Max): 7.5
- お知らせ:JPCERT/CC インターネット定点観測レポート[2024年1月1日~2024年3月31日]
- Cisco IP Phone Products: CVSS (Max): 7.5
- IBM Security QRadar SIEM: CVSS (Max): 9.8
- distro-info-data: CVSS (Max): None
- IBM App Connect Enterprise and IBM Integration Bus for z/OS: CVSS (Max): 7.5
- CERT/CC Reports R Programming Language Vulnerability
- CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity
- CISA Adds One Known Exploited Vulnerability to Catalog
- JVN: BMCソフトウェアのIPMIにおけるセッションハイジャックの脆弱性
- JVN: Rプログラミング言語の実装において、安全でないデータのデシリアライゼーションが発生する問題(CVE-2024-27322)
- JVN: Delta Electronics製CNCSoft-G2におけるスタックベースのバッファオーバーフローの脆弱性
- Advanced Mobile Solutions (AMS) guidance trailer
SEC Asset Discovery: Automated Asset Discovery in Industrial Control Systems – Exploring the Problem
..Vulnerabilities within Industrial Control Systems (ICS) and Critical National Infrastructure (CNI) represent a significant safety, ecological and economical risk to owners, operators and nation states. Numerous examples from recent years are available to demonstrate that these vulnerabilities are being exploited by threat actors…
http://ewic.bcs.org/upload/pdf/ewic_icscsr2015_paper8.pdf
Tags: Automated Asset Discovery,CNI,Critical National Infrastructure,ICS,ICS Asset Discovery,Industrial Control Systems,