2265 matches found

Rapid7 Blog
added 2023/12/28 4:00 p.m., 6 views

Mastering Industrial Cybersecurity: The Significance of Combining Vulnerability Management with Detection and Response

Written by Elad Ben-Meir, CEO of SCADAfence, a Honeywell company. In today's digital era, where industries are increasingly reliant on advanced technologies, safeguarding critical infrastructure against cyber threats has become paramount. The convergence of operational technology (OT) and information...

AI score 6.7
Exploits 0
OSV
added 2023/12/15 8:15 a.m., 2 views

CVE-2023-48374

SmartStar Software CWS is a web-based integration platform. It has a vulnerability of using a hard-coded credential for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...

CVSS 6.5, AI score 5.8, EPSS 0.00194
Exploits 0, References 1
NVD
added 2023/12/15 8:15 a.m., 15 views

CVE-2023-48374

SmartStar Software CWS is a web-based integration platform. It has a vulnerability of using a hard-coded credential for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...

CVSS 6.5, EPSS 0.00194
Exploits 0, References 1
CVE
added 2023/12/15 7:39 a.m., 26 views

CVE-2023-48374

The CVE-2023-48374 entry pertains to SmartStar Software CWS, a web-based integration platform. The vulnerability is described as using a hard-coded credential for a specific low-privilege account, enabling an unauthenticated remote attacker to run partial processes and view partial information. T...

CVSS 6.5, AI score 6.5, EPSS 0.00194
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/12/15 7:39 a.m., 17 views

CVE-2023-48374 SmartStar Software CWS Web-Base - Use of Hard-coded Credentials

SmartStar Software CWS is a web-based integration platform. It has a vulnerability of using a hard-coded credential for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...

CVSS 6.5, AI score 6.7, EPSS 0.00194
Exploits 0, References 1
Positive Technologies
added 2023/12/15 12:00 a.m., 3 views

PT-2023-30801 · Unknown · Smartstar Software Cws

Name of the Vulnerable Software and Affected Versions: SmartStar Software CWS (affected versions not specified). Description: The issue is related to the use of a hard-coded account with low privilege in SmartStar Software CWS, a web-based integration platform. An unauthenticated remote attacker can...

CVSS 6.5, AI score 6.3, EPSS 0.00194
Exploits 0, References 5
Trend Micro Simply Security
added 2023/12/14 12:00 a.m., 9 views

Modern Attack Surface Management (ASM) for SecOps

Today’s attack surface requires modern processes and security solutions. Explore the tenets of modern attack surface management (ASM) and what SecOps need to look for in an ASM solution...

AI score 7.4
Exploits 0
NVD
added 2023/12/13 7:15 p.m., 13 views

CVE-2023-6795

An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall...

CVSS 5.5, EPSS 0.00115
Exploits 0, References 1
NVD
added 2023/12/13 7:15 p.m., 11 views

CVE-2023-6792

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall...

CVSS 6.3, EPSS 0.002
Exploits 0, References 1
Prion
added 2023/12/13 7:15 p.m., 16 views

Command injection

An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall...

CVSS 5.8, AI score 8.2, EPSS 0.00115
Exploits 0, References 1, Affected Software 1
Prion
added 2023/12/13 7:15 p.m., 16 views

Design/Logic Flaw

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall...

CVSS 5.8, AI score 7.9, EPSS 0.00087
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/12/13 6:16 p.m., 14 views

CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall...

CVSS 5.5, AI score 6.2, EPSS 0.00087
Exploits 0, References 1
CVE
added 2023/12/13 6:16 p.m., 61 views

CVE-2023-6794

CVE-2023-6794 affects Palo Alto Networks PAN-OS: an arbitrary file upload vulnerability in the web interface allows an authenticated read‑write administrator to disrupt system processes and potentially execute arbitrary code with limited privileges. Affected versions include PAN-OS 8.1.x before 8...

CVSS 5.5, AI score 6, EPSS 0.00087
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2023/12/13 6:16 p.m., 16 views

CVE-2023-6792 PAN-OS: OS Command Injection Vulnerability in the XML API

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall...

CVSS 5.5, AI score 8.3, EPSS 0.002
Exploits 0, References 1
Palo Alto Networks
added 2023/12/13 5:00 p.m., 27 views

PAN-OS: File Upload Vulnerability in the Web Interface

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Work around: This issue...

CVSS 8.8, AI score 7.5, EPSS 0.00216
Exploits 0, References 1
RedHat Linux
added 2023/12/13 3:36 p.m., 1 views

postgresql: Role pg_signal_backend can signal certain superuser processes.

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

CVSS 4.4, AI score 7.4, EPSS 0.00621
Exploits 0, References 6
OSV
added 2023/12/12 1:15 p.m., 3 views

CVE-2020-12615

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...

CVSS 7.8, AI score 5.9
Exploits 0, References 2
Cvelist
added 2023/12/12 12:00 a.m., 12 views

CVE-2020-12615

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...

AI score 7.7, EPSS 0.00154
Exploits 0, References 2
RedHat Linux
added 2023/12/11 9:59 a.m., 0 views

postgresql: Role pg_signal_backend can signal certain superuser processes.

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

CVSS 4.4, AI score 7.4, EPSS 0.00621
Exploits 0, References 6
CNNVD
added 2023/12/08 12:00 a.m., 4 views

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.12.0 that stems from the fact that when using the empty...

CVSS 6.1, AI score 8.3, EPSS 0.00083
Exploits 0, References 8