Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-34491PUBLISHED: 2022-06-25
In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template sy...
CVE-2022-29931PUBLISHED: 2022-06-25Raytion 7.2.0 allows reflected Cross-site Scripting (XSS).
CVE-2022-31017PUBLISHED: 2022-06-25
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the serve...
CVE-2022-31016PUBLISHED: 2022-06-25
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated A...
CVE-2022-24893PUBLISHED: 2022-06-25
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can resul...
User Rank: Apprentice
8/22/2018 | 2:44:30 AM
IoT gateways/hubs are the only part that talk to the Internet via TCP/UDP/IP normally with MQTT over HTTPS.
Not only do we use Internet security poor models but also hardware security in the form of SAML11 & Atmel 508a/608a. These chipsets allow public key cryptography in hardware.
We would IDIOT's design a IoT system with poor software security like LoRaWAN.
This system can be cloned on TTN. It uses fixed symmetric keys for each device that they need to store inb a database. IDIOT's designed it.
For education please read up on FIDO/FIOD2 for U2F security tokens for humans also.
Security has been solved, time to hand the keys to the machine.
https://www.switchedonscotland.com/
https://a96.uk/
WAKE UP SHEEP