Security CERT Global
- CERT-SE's weekly newsletter, week 18
- CERTFR-2024-AVI-0364: Multiple vulnerabilities in the RedHat Linux kernel (03 May 2024)
- CERTFR-2024-AVI-0365: Multiple vulnerabilities in the Ubuntu Linux kernel (03 May 2024)
- CERTFR-2024-AVI-0362: Multiple vulnerabilities in the Qnap Media Streaming add-on (03 May 2024)
- CERTFR-2024-AVI-0366: Multiple vulnerabilities in IBM products (03 May 2024)
- CERTFR-2024-AVI-0363: Multiple vulnerabilities in the SUSE Linux kernel (03 May 2024)
- CERTFR-2024-AVI-0361: Multiple vulnerabilities in PostgreSQL pgAdmin (03 May 2024)
- Activists send waves of DDoS attacks against Sweden
- Vulnerabilities in ArubaOS
- Remote code vulnerabilities in Xiaomi Pro 13 smartphone (CVE-2024-4406, CVE-2024-4405, CVE-2023-26322)
- Code Execution Vulnerability on NVIDIA Triton Inference Server for Linux (CVE-2024-0087)
- All-in-One Video Gallery Plugin Authenticated Arbitrary File Upload vulnerability (CVE-2024-4033)
- UPDATE ALERT GitLab Community Edition (CE) and GitLab Enterprise Edition (EE): CVSS (Max): 10.0
- nodejs:16: CVSS (Max): 7.5
- podman: CVSS (Max): 8.6
- rhceph-6.1 container image: CVSS (Max): 7.5
- libxml2: CVSS (Max): 7.5
- kernel: CVSS (Max): 6.7
- Firefox: CVSS (Max): 7.5*
- cosign: CVSS (Max): 4.2
- OpenShift Container Platform 4.13.41: CVSS (Max): 8.6
- OpenShift Container Platform 4.15.11: CVSS (Max): 4.3
- GNU C Library: CVSS (Max): 9.8
- CyberPower PowerPanel: CVSS (Max): 9.8
- Google Chrome: CVSS (Max): None
- Migration Toolkit for Containers (MTC) 1.7.15: CVSS (Max): 5.9
- OpenJDK 11.0.23: CVSS (Max): 3.7
- Delta Electronics DIAEnergie: CVSS (Max): 8.8
- OpenShift Container Platform 4.14.23: CVSS (Max): 4.3
- chromium: CVSS (Max): None
- Red Hat Ceph Storage 6.1: CVSS (Max): 8.1
- PHP: CVSS (Max): 6.5
- CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
- CISA Releases Three Industrial Control Systems Advisories
- Delta Electronics DIAEnergie
- CyberPower PowerPanel
- Several critical vulnerabilities in products from Aruba Networks
- CERTFR-2024-AVI-0360: Multiple vulnerabilities in SonicWall GMS (02 May 2024)
- CERTFR-2024-AVI-0357: Multiple vulnerabilities in Cisco IP Phone (02 May 2024)
- CERTFR-2024-AVI-0359: Multiple vulnerabilities in HPE Aruba Networking products (02 May 2024)
- CERTFR-2024-AVI-0358: Multiple vulnerabilities in Google Chrome (02 May 2024)
- Critical security vulnerabilities in ArubaOS - updates available
- HPE (Hewlett Packard Enterprise) Aruba Networking fixes four critical RCE flaws in ArubaOS
- IBM MQ for HPE NonStop: CVSS (Max): 7.5
- Notice: JPCERT/CC Internet Threat Monitoring Report [January 1, 2024 - March 31, 2024]
- distro-info-data: CVSS (Max): None
- Cisco IP Phone Products: CVSS (Max): 7.5
- IBM Security QRadar SIEM: CVSS (Max): 9.8
- IBM App Connect Enterprise and IBM Integration Bus for z/OS: CVSS (Max): 7.5
SEC Vulnerabilities: Analysis of Exploitable Vulnerability Sequences in Industrial Networked Systems: A Proof of Concepts
Software vulnerabilities can affect the security of any computer, and industrial networked systems are no exception. Information about known vulnerabilities and possible countermeasures has been collected and published for several years; however, the methodical introduction of changes and/or software patches is not always possible in many industrial networks, so some known flaws can be left untreated because they are not considered harmful in principle.
http://ewic.bcs.org/upload/pdf/ewic_icscsr2015_paper7.pdf
Tags: Automation, CyberSecurity, ICS, ICS Vulnerabilities, IIoT, Industrial Networked Systems, Infrastructure, SCADA, Vulnerability Sequences