Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2022-28689: TALOS-2022-1521 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE
Open in Source
#vulnerability#cisco#intel#acer#auth#ssh#telnet
CVE-2022-26023: TALOS-2022-1520 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-32588: TALOS-2022-1544 || Cisco Talos Intelligence Group

An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-43120: Cross Site Scripting (XSS) in Add Field Page · Issue #894 · intelliants/subrion

A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.

CVE-2022-43121: Cross Site Scripting (XSS) in Members Add · Issue #895 · intelliants/subrion

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.

Industrial Control Systems (ICS) Security Market Worth $23.7B by 2027, Report Says

The market growth is driven by the convergence of IT and OT systems. By region, North America is estimated to account for the largest market size during the forecast period.

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

It's Time to See Cybersecurity Regulation as a Friend, Not a Foe

There's real value in having a better perspective around future regulation and compliance requirements.

Bugcrowd Names David Gerry Chief Executive Officer

AppSec and Cybersecurity veteran will leverage his strong institutional experience as demand for crowdsourced cybersecurity solutions grows.