βΌ CVE-2023-24561 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24581 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)π Read
via "National Vulnerability Database".
βΌ CVE-2023-24983 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19805)π Read
via "National Vulnerability Database".
βΌ CVE-2023-24992 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19814)π Read
via "National Vulnerability Database".
βΌ CVE-2023-24990 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19812)π Read
via "National Vulnerability Database".
βΌ CVE-2023-24994 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19816)π Read
via "National Vulnerability Database".
βΌ CVE-2023-24995 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19817)π Read
via "National Vulnerability Database".
βΌ CVE-2023-24991 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19813)π Read
via "National Vulnerability Database".
βΌ CVE-2023-24996 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19818)π Read
via "National Vulnerability Database".
π΄ Embattled VMware ESXi Hypervisor Flaw Exploitable in Myriad Ways π΄
π Read
via "Dark Reading".
It's not just Internet-accessible hosts that are vulnerable, researchers say.π Read
via "Dark Reading".
Dark Reading
Embattled VMware ESXi Hypervisor Flaw Exploitable in Myriad Ways
It's not just Internet-accessible hosts that are vulnerable, researchers say.
βΌ CVE-2023-24993 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19815)π Read
via "National Vulnerability Database".
βΌ CVE-2023-25140 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V2210Update12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25065 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs Γ’β¬β Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.π Read
via "National Vulnerability Database".
π΄ SynSaber Launches a Free OT PCAP Analyzer Tool for the Industrial Security Community π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
SynSaber Launches a Free OT PCAP Analyzer Tool for the Industrial Security Community
CHANDLER, Ariz., Feb. 14, 2023 /PRNewswire/ -- SynSaber, an ICS/OT cybersecurity monitoring company, today announced the launch of its OT PCAP Analyzer tool. The free tool allows users to view a high-level breakdown of the device and protocol informationβ¦
π΄ Lessons All Industries Can Learn From Automotive Security π΄
π Read
via "Dark Reading".
Industry standards must evolve as digital transformation makes all companies software companies. Security testing boosts development speed and software quality.π Read
via "Dark Reading".
Dark Reading
Lessons All Industries Can Learn From Automotive Security
Industry standards must evolve as digital transformation makes all companies software companies. Security testing boosts development speed and software quality.
βΌ CVE-2023-0827 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25141 βΌ
π Read
via "National Vulnerability Database".
Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDNI and RMI. Users of Apache Sling JCR Base are recommended to upgrade to Apache Sling JCR Base 3.1.12 or later, or to run on a more recent JDK.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25149 βΌ
π Read
via "National Vulnerability Database".
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms.π Read
via "National Vulnerability Database".
π΄ ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops) π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)
ARLINGTON, Va., Feb. 14, 2023 /PRNewswire/ -- ThreatConnect, maker of leading threat intelligence operations (TI Ops) and risk quantification solutions, announced today the company's accelerated growth through 2022 and market leading position heading intoβ¦
π΄ Ping Identity and Deloitte Forge Alliance to Give Organizations Advanced Identity and Access Solutions π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Ping Identity and Deloitte Forge Alliance to Give Organizations Advanced Identity and Access Solutions
DENVER, Feb. 14, 2023 /PRNewswire/ -- Ping Identity, the intelligent identity solution for the enterprise, has formed a new strategic alliance with Deloitte, a leader in global security consulting services, to help the organizations' shared clients improveβ¦
ποΈ Password manager security: Which is the right option for me? ποΈ
π Read
via "The Daily Swig".
The first guide of our two-part series helps consumers choose the best way to manage their login credentialsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Password manager security: Which is the right option for me?
The first guide of our two-part series helps consumers choose the best way to manage their login credentials