CentOS 8 : open-vm-tools (CESA-2023:7265)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:7265 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place...

CVE-2024-24579

The set of documents identifies a path-traversal vulnerability in the Go library stereoscope (containers/image processing). Specifically, the CVE-2024-24579 entry describes a flaw prior to v0.0.1 where crafting an OCI tar archive can cause writes to paths outside the unarchive temporary directory...

Perfecting the Defense-in-Depth Strategy with Automation

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern...

[SECURITY] Fedora 39 Update: gtkwave-3.3.118-1.fc39

GTKWave is a waveform viewer that can view VCD files produced by most Verilog simulation tools, as well as LXT files produced by certain Verilog simulation tools...

[SECURITY] Fedora 38 Update: gtkwave-3.3.118-1.fc38

GTKWave is a waveform viewer that can view VCD files produced by most Verilog simulation tools, as well as LXT files produced by certain Verilog simulation tools...

Fedora: Security Advisory (FEDORA-2024-2647382c5f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO

Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a...

Siemens Solid Edge Buffer Overflow Vulnerability (CNVD-2024-01409)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. A buffer overflow vulnerability exists in Samsung Solid Edge, which can be exploited by an attacker to execute code in the context of th...

Siemens Solid Edge Buffer Overflow Vulnerability (CNVD-2024-01408)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. A buffer overflow vulnerability exists in Samsung Solid Edge, which can be exploited by an attacker to execute code in the context of th...

Siemens Solid Edge Buffer Overflow Vulnerability (CNVD-2024-01407)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. A buffer overflow vulnerability exists in Samsung Solid Edge, which can be exploited by an attacker to execute code in the context of th...

Siemens Solid Edge Buffer Overflow Vulnerability (CNVD-2024-01402)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. A buffer overflow vulnerability exists in Samsung Solid Edge, which can be exploited by an attacker to execute code in the context of th...

Siemens Solid Edge Out-of-Bounds Write Vulnerability (CNVD-2024-01403)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code in the context...

Siemens Solid Edge Uninitialized Pointer Access Vulnerability (CNVD-2024-01401)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. An uninitialized pointer access vulnerability exists in Siemens Solid Edge, which can be exploited by an attacker to execute code in the...

Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2024-01405)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...

GTKWave VCD get_vartoken realloc use-after-free vulnerabilities

Talos Vulnerability Report TALOS-2023-1806 GTKWave VCD getvartoken realloc use-after-free vulnerabilities January 8, 2024 CVE Number CVE-2023-37576,CVE-2023-37577,CVE-2023-37573,CVE-2023-37578,CVE-2023-37575,CVE-2023-37574 SUMMARY Multiple use-after-free vulnerabilities exist in the VCD getvartok...

GTKWave LXT2 lxt2_rd_iter_radix shift operation integer underflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1824 GTKWave LXT2 lxt2rditerradix shift operation integer underflow vulnerabilities January 8, 2024 CVE Number CVE-2023-39413,CVE-2023-39414 SUMMARY Multiple integer underflow vulnerabilities exist in the LXT2 lxt2rditerradix shift operation functionality of...

GTKWave FST fstReaderIterBlocks2 vesc allocation integer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1790 GTKWave FST fstReaderIterBlocks2 vesc allocation integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-35992 SUMMARY An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115,...

PhantomCrawler - Boost Website Hits By Generating Requests From Multiple Proxy IPs

PhantomCrawler allows users to simulate website interactions through different proxy IP addresses. It leverages Python, requests, and BeautifulSoup to offer a simple and effective way to test website behaviour under varied proxy configurations. Features: Utilizes a list of proxy IP addresses from...

PT-2024-2703 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0012 Tecnomatix Plant Simulation versions prior to V2302.0006 Description: A heap-based buffer overflow vulnerability has been identified in the affected application while parsing specially...