Validating Threat Modeling Results with the Help of Vulnerable Test Applications

Validating threat modeling results remains difficult because completeness is hard to judge without an external oracle. Existing studies often rely on expert-produced reference models and other human baselines, but these can contain omissions or disagreements. This paper evaluates a complementary,...

Siemens Parasolid 缓冲区错误漏洞

Siemens Parasolid is a 3D geometric modeling tool that supports a variety of techniques including solid modeling, direct editing and free-form surface/drawing modeling. An out-of-bounds write vulnerability exists in Siemens Parasolid, which can be exploited by an attacker to execute code in the...

The vulnerabilities of the 3D viewing tool JTJT2Go, the Product Lifecycle Management system Teamcenter Visualization, and the 3D geometric modeling tool Parasolid allow a perpetrator to execute arbitrary code.

The vulnerability of the 3D viewing tool JT, JT2Go, the product lifecycle management system Teamcenter Visualization, and the 3D geometric modeling tool Parasolid relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code using...

Siemens Parasolid 代码问题漏洞

Siemens Parasolid is a 3D geometric modeling tool that supports a variety of techniques including solid modeling, direct editing and free-form surface/drawing modeling. A null pointer dereference vulnerability exists in Siemens Parasolid, which can be exploited by an attack to crash the applicati...

The vulnerability of Parasolid’s 3D geometric modeling tool and the Teamcenter Visualization product lifecycle management system allows a hacker to execute arbitrary code.

The vulnerability of Parasolid’s 3D geometric modeling tool and the Teamcenter Visualization product lifecycle management system lies in the reading of data outside the buffer in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code...

The vulnerability of Parasolid’s 3D geometric modeling tool and the Teamcenter Visualization product lifecycle management system allows a hacker to execute arbitrary code.

The vulnerability of Parasolid’s 3D geometric modeling tool and the Teamcenter Visualization product lifecycle management system lies in the handling of the zero pointer. Exploiting this vulnerability could allow attackers to execute arbitrary code...

The vulnerability of Parasolid’s 3D geometric modeling tool and Teamcenter Visualization’s product lifecycle management system lies in their ability to distribute resources indefinitely, allowing attackers to trigger service failures.

The vulnerability of Parasolid’s 3D geometric modeling tool and the Teamcenter Visualization product lifecycle management system lies in the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

The vulnerability in the web interface of the Cisco Modeling Labs network modeling tool allows a hacker to gain administrator privileges.

The vulnerability of the Cisco Modeling Labs network modeling tool’s web interface is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain access to the web interface with administrator privileges...

Microsoft 3D Builder 安全漏洞

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

The vulnerability of the lys_node_free() function in the syntax analyzer and modeling tool of the YANG Libyang language, related to the insufficient use of the assert() function, allows attackers to trigger a service failure.

The vulnerability of the lysnodefree function in the syntax analyzer and modeling tool of the YANG Libyang language is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVE-2021-21304

CVE-2021-21304 describes a prototype pollution vulnerability in Dynamoose, located in the internal utility method lib/utils/object/set.ts . Affected are Dynamoose versions from 2.0.0 up to 2.6.x (and v2.x beta/alpha). The vulnerability was fixed in 2.7.0 . There is no evidence of exploitation rep...

Microsoft Releases Free Threat Modeling Tool 2014

Threat modeling has been part of the security culture at Microsoft for the better part of a decade, an important piece of the Security Development Lifecycle that’s at the core of Trustworthy Computing. Today, Microsoft updated its free Threat Modeling Tool with a number of enhancements that bring...

Microsoft Releases New Versions of Software Security Tools

Microsoft has released new versions of several of its software security tools, including its Threat Modeling Tool and a pair of fuzzers. All of the tools are part of the company’s Security Development Lifecycle program, which it has been sharing with external organizations for a few years now...