Paladin Cloud Launches New Cloud Security and Governance Platform
via "Dark Reading".
The new open source security-as-code platform will help developers and security teams automatically detect security policy violations across the organization's cloud infrastructure.
CVE-2022-22682
via "National Vulnerability Database".
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
UK NCSC and ICO urge legal sector to discourage businesses from paying ransomware demands
via "The Daily Swig".
Advice comes as cost of cybercrime 'increases'
'Callback' Phishing Campaign Impersonates Security Firms
via "Threat Post".
Victims instructed to make a phone call that will direct them to a link for downloading malware.
CVE-2022-34466
via "National Vulnerability Database".
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration.
CVE-2022-34748
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17293)
CVE-2022-34464
via "National Vulnerability Database".
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file.
CVE-2022-34272
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-037, FG-VD-22-059)
CVE-2022-34287
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-052, FG-VD-22-056)
CVE-2022-34277
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-042)
CVE-2022-34284
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-049)
CVE-2022-29884
via "National Vulnerability Database".
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition.
CVE-2022-34290
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-055)
CVE-2022-34281
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-046)
CVE-2022-34278
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-043)
CVE-2022-30938
via "National Vulnerability Database".
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manipulating a specific argument. This could allow an attacker to crash the affected application leading to a denial of service condition.
CVE-2022-34273
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-038)
CVE-2022-33736
via "National Vulnerability Database".
A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.
CVE-2022-34285
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-050)
CVE-2022-29560
via "National Vulnerability Database".
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.
CVE-2022-33138
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.