Forum Topics Started
Viewing 14 topics - 1 through 14 (of 14 total)
-
- Topic
- Voices
- Posts
- Last Post
-
-
Is Patch Prioritization Based on CVSS Scores Alone Misleading? CVSS scores are widely recognized as the industry standard for assessing vulnerability risk. But is it enough to prioritize patching based solely on CVSS scores. Let's talk about it.CVSS scores are widely recognized as the industry standard for assessing vulnerability risk. But is it enough to prioritize patching based solely on CVSS scores. Let's talk about it.
Started by:
in: Debate Central
- 5
- 6
-
SecPod Cyber Bulletin 33rd Issue 1. Trellix Enterprise Security Manager Flaw A security flaw (CVE-2023-38545) in Trellix Enterprise Security Manager has been discovered, potentially exposing sensitive enterprise data. CVSS Score: 9.8 2. IBM Security Verify Vulnerabilities IBM’s Security Verify platform has been found with vario...1. Trellix Enterprise Security Manager Flaw A security flaw (CVE-2023-38545) in Trellix Enterprise Security Manager has been discovered, potentially exposing sensitive enterprise data. CVSS Score: 9.8 2. IBM Security Verify Vulnerabilities IBM’s Security Verify platform has been found with vario...
Started by:
- 1
- 1
-
SecPod Cyber Bulletin 32nd Issue 1. Windows Zero-Days and Firefox Issues The RomCom group has been exploiting zero-day vulnerabilities (CVE-2024-9680 and CVE-2024-49039) in Windows and Firefox, emphasizing the need for continuous monitoring and timely updates. CVSS Score: 9.8,8.8 2. Critical Flaw Detected in ProjectSend A criti...1. Windows Zero-Days and Firefox Issues The RomCom group has been exploiting zero-day vulnerabilities (CVE-2024-9680 and CVE-2024-49039) in Windows and Firefox, emphasizing the need for continuous monitoring and timely updates. CVSS Score: 9.8,8.8 2. Critical Flaw Detected in ProjectSend A criti...
Started by:
- 1
- 1
-
CVE-2024-45710 : SolarWinds Uncontrolled Path Element Escalation Vulnerability SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low-privilege account and local access to the affected node machine. CVSS SCORE: 7.8 (HIGH)SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low-privilege account and local access to the affected node machine. CVSS SCORE: 7.8 (HIGH)
Started by:
- 1
- 1
-
CVE-2024-9486 : Kubernetes Image Builder Security Vulnerability Some Kubernetes Image Builder versions have a security vulnerability where default credentials remain active, potentially allowing root access in clusters using VM images from the Proxmox provider. CVSS SCORE : 9.8 (Critical)Some Kubernetes Image Builder versions have a security vulnerability where default credentials remain active, potentially allowing root access in clusters using VM images from the Proxmox provider. CVSS SCORE : 9.8 (Critical)
Started by:
- 1
- 1
-
CVE-2024-52799 : Argo Workflow Charts Vulnerability Prior to Argo Workflows 0.44.0, the workflow-role granted excessive privileges, including pod/exec creation, enabling arbitrary code execution. This vulnerability was fixed in version 0.44.0, affecting Helm Chart users. CVSS SCORE: 8.3Prior to Argo Workflows 0.44.0, the workflow-role granted excessive privileges, including pod/exec creation, enabling arbitrary code execution. This vulnerability was fixed in version 0.44.0, affecting Helm Chart users. CVSS SCORE: 8.3
Started by:
- 1
- 1
-
CVE-2024-53912 : Veritas Enterprise Vault Vulnerability A #vulnerability in Veritas Enterprise Vault (before 15.2), ZDI-CAN-24341, allows remote attackers to execute arbitrary code via deserialization of untrusted data on a .NET Remoting TCP port. CVSS SCORE: 9.8(CRITICAL)A #vulnerability in Veritas Enterprise Vault (before 15.2), ZDI-CAN-24341, allows remote attackers to execute arbitrary code via deserialization of untrusted data on a .NET Remoting TCP port. CVSS SCORE: 9.8(CRITICAL)
Started by:
- 1
- 1
-
CVE-2024-53674 : HPE Insight Remote Support Vulnerability An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. CVSS SCORE: 7.3 (HIGH)An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. CVSS SCORE: 7.3 (HIGH)
Started by:
- 1
- 1
-
CVE-2024-11789 : Fuji Electric Vulnerability The Fuji Electric Monitouch V-SFT V10 contains a stack-based buffer overflow #vulnerability (ZDI-CAN-24448) in the parsing of V10 files, allowing remote code execution. CVSS SCORE: 7.8 (HIGH)The Fuji Electric Monitouch V-SFT V10 contains a stack-based buffer overflow #vulnerability (ZDI-CAN-24448) in the parsing of V10 files, allowing remote code execution. CVSS SCORE: 7.8 (HIGH)
Started by:
- 1
- 1
-
CVE-2024-9852 The Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64, Mitsubishi Electric GENESIS64, and MC Works64 allows local authenticated attackers to execute malicious code, potentially leading to data loss or DoS. CVSS SCORE: 7.8 (HIGH)The Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64, Mitsubishi Electric GENESIS64, and MC Works64 allows local authenticated attackers to execute malicious code, potentially leading to data loss or DoS. CVSS SCORE: 7.8 (HIGH)
Started by:
- 1
- 1
-
SecPod Cyber Bulletin 31st Issue SecPod Cyber Bulletin 31st Issue Dell Enterprise SONiC Vulnerabilities Dell Technologies has disclosed three critical security vulnerabilities (CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765) affecting its Enterprise SONiC (Software for Open Networking in the Cloud) operating system. CVSS Scor...SecPod Cyber Bulletin 31st Issue Dell Enterprise SONiC Vulnerabilities Dell Technologies has disclosed three critical security vulnerabilities (CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765) affecting its Enterprise SONiC (Software for Open Networking in the Cloud) operating system. CVSS Scor...
Started by:
- 1
- 1
-
SecPod Cyber Bulletin 29th Issue Apple VisionOS 2.1 Security Vulnerabilities Apple’s VisionOS 2.1 has been found to contain several critical vulnerabilities (CVE-2024-44255 and CVE-2024-44273) that could allow attackers to exploit the system. CVSS Score: 7.8, 8.4 Chrome Security: Out-of-Bounds WebRTC Vulnerability Google Chrome’...Apple VisionOS 2.1 Security Vulnerabilities Apple’s VisionOS 2.1 has been found to contain several critical vulnerabilities (CVE-2024-44255 and CVE-2024-44273) that could allow attackers to exploit the system. CVSS Score: 7.8, 8.4 Chrome Security: Out-of-Bounds WebRTC Vulnerability Google Chrome’...
Started by:
- 1
- 1
-
SecPod CyberBulletin 29th Issue Apple VisionOS 2.1 Security Vulnerabilities Apple’s VisionOS 2.1 has been found to contain several critical vulnerabilities (CVE-2024-44255 and CVE-2024-44273) that could allow attackers to exploit the system. CVSS Score: 7.8, 8.4 Chrome Security: Out-of-Bounds WebRTC Vulnerability Google Chrome’...Apple VisionOS 2.1 Security Vulnerabilities Apple’s VisionOS 2.1 has been found to contain several critical vulnerabilities (CVE-2024-44255 and CVE-2024-44273) that could allow attackers to exploit the system. CVSS Score: 7.8, 8.4 Chrome Security: Out-of-Bounds WebRTC Vulnerability Google Chrome’...
Started by:
- 1
- 1
-
How to enable SSO authentication policy in SanerNow? Single sign-on (SSO) is an authentication method that enables users to securely log in to multiple applications and websites with one set of credentials. SanerNow supports SAML v2 based SSO providers. SSO works based upon a trust relationship setup between an application (SanerNow), known as the ser...Single sign-on (SSO) is an authentication method that enables users to securely log in to multiple applications and websites with one set of credentials. SanerNow supports SAML v2 based SSO providers. SSO works based upon a trust relationship setup between an application (SanerNow), known as the ser...
Started by:
- 1
- 1
-
Viewing 14 topics - 1 through 14 (of 14 total)