Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-34491PUBLISHED: 2022-06-25
In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template sy...
CVE-2022-29931PUBLISHED: 2022-06-25Raytion 7.2.0 allows reflected Cross-site Scripting (XSS).
CVE-2022-31017PUBLISHED: 2022-06-25
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the serve...
CVE-2022-31016PUBLISHED: 2022-06-25
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated A...
CVE-2022-24893PUBLISHED: 2022-06-25
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can resul...
User Rank: Ninja
6/11/2020 | 12:17:08 PM
From my understanding, most of the printers are behind firewalls; however, if there is lateral/horizontal movement, the end-user or admin has bigger problems that need to be addressed (per the statement made by the speaker). In certain instances, I can see where certain cameras might be affected because they are connected directly to the internet (traffic cameras) and some of their IP Addresses are made public, but I am not sure how many IOT devices are connected directly to the internet. There is a site on the web that indicates a number of devices connected directly to the internet but that is part of another conversation - https://www.shodan.io/explore
I do see limitations in the statements made but it is possible, we just need to remain vigilant. A possible remidy would be to connect using SHA Hash 256 to the OS because the system could determine if the hash was found on the network or a token process where a PIN is used (a number of printers have this capability but most people don't use it).
Todd