3625 matches found
Siemens PROFINET Devices (Update K)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2009-3695
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...
ICSA-19-253-03_Siemens Industrial Products (Update P)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2. UPDATE INFORMATION...
How to Guide Users to Better Passwords by Learning from Attackers
If you’re human, you’ve probably re-used a password or two. In fact, the majority of internet users between the ages of 18-65 have done so, and the younger you are, the more likely it is that you use just one password for all of your accounts. Article written by: Chris LaConte, Chief Strategy...
Time to Transfer Risk: Why Security Complexity & VPNs Are No Longer Sustainable
We all heed the gospel of patching, but as recent incidents made clear, even cutting-edge disruptors struggle to patch everything, everywhere, and all the time. Maybe this is associated with the growing volume of common vulnerabilities and exposures (CVEs). As they say, there is only one way and...
Bluetooth's Complexity Has Become a Security Risk
Bluetooth and Bluetooth Low Energy are incredibly convenient—but increasingly the root of a lot of security lapses...
Dropbox: Algorithmic complexity vulnerability in ZXCVBN leads to remote denial of service attack
@davidrenardy discovered that the ZXCVBN algorithm is quadratic in time complexity, which implies that the user can submit an arbitrarily long password to the library, leading to a potential denial of service attack if performed at scale. Given how ZXCVBN is used at Dropbox, we accept the Denial ...
SANS Reviews the CB Predictive Security Cloud
Understanding The Landscape Day by day, it is becoming more challenging to keep endpoints secure. In the SANS “Endpoint Protection and Response” survey from 2018, 42% of respondents indicated at least one of their endpoints had been compromised, and another 20% didn’t know if any endpoints had be...
CVE-2018-18898
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing...
ALPINE-CVE-2018-18898
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing...
Information disclosure
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing...
CVE-2018-18898
CVE-2018-18898 affects Best Practical Request Tracker (RT) email-ingestion, with versions 4.1.13 through 4.4 vulnerable to a DoS via an algorithmic complexity attack on email address parsing. The issue arises in the parsing component responsible for handling incoming email addresses, enabling rem...
Managing Enterprise Security After the Data Supernova
As the amount of data continues to grow and expand outside of the enterprise, security leaders need to develop a plan to quickly secure it. The big promise of cloud computing was that it would simplify security. Organizations would no longer have to worry about securing their infrastructure becau...
Data Breach Roundup: U.S. Healthcare, Cryptopia, SingHealth and Experian
Millions of people were affected by data breaches in 2018, and 2019 shows no signs of waning activity. The latest round of breaches as of Tuesday includes an attack on a managed-health provider in Indiana, an offensive against a rehab and wellness center in Michigan, millions in purloined funds a...
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...