413 matches found
Design/Logic Flaw
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...
CVE-2022-47636
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml (OutSystems Modeling Language) file, the application will load the following DLLs from the same directory: avlibGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using...
CVE-2023-40235
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...
Siemens Parasolid and Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2023-62046)
Parasolid is a 3D geometric modeling tool that supports a variety of techniques including solid modeling, direct editing, and free-form surface/table modeling. Teamcenter Visualization enables organizations to enhance their product lifecycle management (PLM) environments with a range of comprehensiv...
Siemens SICAM TOOLBOX II Critical Resource Privilege Assignment Error Vulnerability
SICAM TOOLBOX II is an engineering solution for plants and systems of all sizes. It allows data collection, data modeling, configuration and parameterization. It is used for process information engineering of automation and central control room systems. Siemens SICAM TOOLBOX II suffers from a...
Siemens Parasolid and Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2023-62045)
Parasolid is a 3D geometric modeling tool that supports a variety of techniques including solid modeling, direct editing, and free-form surface/table modeling. Teamcenter Visualization enables organizations to enhance their product lifecycle management (PLM) environments with a range of comprehensiv...
Siemens Parasolid and Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2023-62049)
Parasolid is a 3D geometric modeling tool that supports a variety of techniques including solid modeling, direct editing, and free-form surface/table modeling. Teamcenter Visualization enables organizations to enhance their product lifecycle management (PLM) environments with a range of comprehensiv...
The software of Cobalt Ashlar-Vellum has vulnerabilities that allow a hacker to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to an error in the analysis of AR files. Exploiting this vulnerability can allow attackers to execute arbitrary code...
A vulnerability in Paint 3D, an application for 3D modeling and printing, lies in insufficient validation of input data, allowing a hacker to execute arbitrary code.
The vulnerability in Paint 3D, an application for 3D modeling and printing, is related to insufficient verification of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...
Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure
Title: Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure. Author: nu11secur1ty. Date: 07.06.2023. Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/edge?form=MA13FJ&exp=e415 Reference: https://portswigger.net/web-security/information-disclosure,...
The vulnerability of Cobalt’s parametric automated design and 3D modeling software lies in the ability to write data beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Cobalt’s parametric automated design and 3D modeling software lies in the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
OWASP TOP 10 API Security Risks: 2023!
The OWASP Top 10 API Security Risks 2023 has arrived! OWASP's API Top 10 is always a highly anticipated release and can be a key component of API security preparedness for the year. As we discussed in API Security Best Practices for a Changing Attack Surface, API usage continues to skyrocket. As ...
PT-2023-5134 · Microsoft · 3D Builder
Name of the Vulnerable Software and Affected Versions: 3D Builder (affected versions not specified). Description: The issue is related to a buffer overflow in memory when handling WRL files, which can allow an attacker to execute arbitrary code by loading a specially crafted file or link...
The vulnerability in the web interface of the Cisco Modeling Labs network modeling tool allows a hacker to gain administrator privileges.
The vulnerability of the Cisco Modeling Labs network modeling tool’s web interface is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain access to the web interface with administrator privileges...
Cisco Releases Security Advisories for Multiple Products
Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling Labs, StarOS Software, and BroadbandWorks Network Server. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...
Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director...
Cisco Modeling Labs External Authentication Bypass Vulnerability
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated...
PT-2023-2555 · Cisco · Cisco Modeling Labs
Name of the Vulnerable Software and Affected Versions: Cisco Modeling Labs (affected versions not specified). Description: The issue is related to the external authentication mechanism of Cisco Modeling Labs, which can be exploited by an unauthenticated, remote attacker to access the web interface...