βΌ CVE-2023-25140 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V2210Update12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25065 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs Γ’β¬β Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.π Read
via "National Vulnerability Database".
π΄ SynSaber Launches a Free OT PCAP Analyzer Tool for the Industrial Security Community π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
SynSaber Launches a Free OT PCAP Analyzer Tool for the Industrial Security Community
CHANDLER, Ariz., Feb. 14, 2023 /PRNewswire/ -- SynSaber, an ICS/OT cybersecurity monitoring company, today announced the launch of its OT PCAP Analyzer tool. The free tool allows users to view a high-level breakdown of the device and protocol informationβ¦
π΄ Lessons All Industries Can Learn From Automotive Security π΄
π Read
via "Dark Reading".
Industry standards must evolve as digital transformation makes all companies software companies. Security testing boosts development speed and software quality.π Read
via "Dark Reading".
Dark Reading
Lessons All Industries Can Learn From Automotive Security
Industry standards must evolve as digital transformation makes all companies software companies. Security testing boosts development speed and software quality.
βΌ CVE-2023-0827 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25141 βΌ
π Read
via "National Vulnerability Database".
Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDNI and RMI. Users of Apache Sling JCR Base are recommended to upgrade to Apache Sling JCR Base 3.1.12 or later, or to run on a more recent JDK.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25149 βΌ
π Read
via "National Vulnerability Database".
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms.π Read
via "National Vulnerability Database".
π΄ ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops) π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)
ARLINGTON, Va., Feb. 14, 2023 /PRNewswire/ -- ThreatConnect, maker of leading threat intelligence operations (TI Ops) and risk quantification solutions, announced today the company's accelerated growth through 2022 and market leading position heading intoβ¦
π΄ Ping Identity and Deloitte Forge Alliance to Give Organizations Advanced Identity and Access Solutions π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Ping Identity and Deloitte Forge Alliance to Give Organizations Advanced Identity and Access Solutions
DENVER, Feb. 14, 2023 /PRNewswire/ -- Ping Identity, the intelligent identity solution for the enterprise, has formed a new strategic alliance with Deloitte, a leader in global security consulting services, to help the organizations' shared clients improveβ¦
ποΈ Password manager security: Which is the right option for me? ποΈ
π Read
via "The Daily Swig".
The first guide of our two-part series helps consumers choose the best way to manage their login credentialsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Password manager security: Which is the right option for me?
The first guide of our two-part series helps consumers choose the best way to manage their login credentials
π΄ Cyber-Physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months π΄
π Read
via "Dark Reading".
State of XIoT Security Report: 2H 2022 from Claroty's Team82 reveals positive impact by researchers on strengthening XIoT security and increased investment among XIoT vendors in securing their products.π Read
via "Dark Reading".
Dark Reading
Cyber-Physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months
State of XIoT Security Report: 2H 2022 from Claroty's Team82 reveals positive impact by researchers on strengthening XIoT security and increased investment among XIoT vendors in securing their products.
π΄ Vaultree Appoints Technology Industry Veteran Rinki Sethi to Its Board of Directors π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Vaultree Appoints Technology Industry Veteran Rinki Sethi to Its Board of Directors
CORK, Ireland--(BUSINESS WIRE)-- Vaultree, the Data-In-Use Encryption leader, today announced the appointment of Rinki Sethi to the company's board of directors.
βΌ CVE-2023-24160 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24161 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24159 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4286 βΌ
π Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46023 βΌ
π Read
via "National Vulnerability Database".
An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25576 βΌ
π Read
via "National Vulnerability Database".
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an unlimited number of file parts, the multipart body parser accepting an unlimited number of field parts, and the multipart body parser accepting an unlimited number of empty parts as field parts. This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x). There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22564 βΌ
π Read
via "National Vulnerability Database".
Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.π Read
via "National Vulnerability Database".
π΄ Why SecDataOps Is the Future of Your Security Program π΄
π Read
via "Dark Reading".
The goal: Ensure that data is always finely curated and accessible, and that security decisions get made with high-fidelity data.π Read
via "Dark Reading".
Dark Reading
Why SecDataOps Is the Future of Your Security Program
The goal: Ensure that data is always finely curated and accessible, and that security decisions get made with high-fidelity data.
π΄ Configuration Issues in SaltStack IT Tool Put Enterprises at Risk π΄
π Read
via "Dark Reading".
Researchers flag common misconfiguration errors and a template injection technique that could let an attacker take over the IT management network and connected systems.π Read
via "Dark Reading".
Dark Reading
Configuration Issues in SaltStack IT Tool Put Enterprises at Risk
Researchers flag common misconfiguration errors and a template injection technique that could let an attacker take over the IT management network and connected systems.