MG Strategy+

Cybersecurity Data Services

 
Tag : APAC

Flexera Software Country Reports: United States: United Kingdom: Nordics: France: Benelux: DACH: APAC

  The Flexera Software Country Reports tell you how much vulnerable software is present on private PCs in key countries/regions […]


001 MGS Alerts Advisories

  • Red Hat Security Advisory 2023-0544-01
    Red Hat Security Advisory 2023-0544-01 - This patch, Camel for Spring Boot 3.14.5 Patch 1, serves as a replacement for the previous release of Camel for Spring Boot 3.14.5 and ... read more
  • Red Hat Security Advisory 2023-0542-01
    Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container ... read more
  • Guardz debuts with cybersecurity-as-a-service for small businesses
    Guardz, a Tel Aviv-based startup promising a broad range of out-of-the-box cybersecurity solutions for small and medium-size businesses (SMBs), has announced both a successful $10 million round of seed ... read more
  • IoT, connected devices biggest contributors to expanding application attack surface
    The growth of the internet of things (IoT) and connected devices are the biggest contributing factors to organizations’ expanding attack surfaces. That’s according to a new report from Cisco ... read more
  • CVE-2022-40137 | Lenovo BIOS WMI SMI buffer overflow
    A critical vulnerability was discovered in Lenovo BIOS. It concerns an unspecified function of the component WMI SMI Handler. Through manipulation with unknown data, a buffer overflow vulnerability ... read more
  • CVE-2022-4898 | Octopus Server Help Sidebar Cross Site Scripting
    A vulnerability was identified in Octopus Server. It has been rated as problematic. Affected is an unknown code block of the component Help Sidebar. Manipulation with unknown data can ... read more
  • CVE-2022-34885 | Motorola MR2600 privilege escalation
    A vulnerability was identified in Motorola MR2600. It has been rated as critical. Affected is an unknown process. Manipulation with unknown data can be used to exploit a privilege escalation vulnerability. ... read more
  • CVE-2022-40135 | Lenovo BIOS Smart USB Protection SMI Information Disclosure
    A problematic vulnerability was discovered in Lenovo BIOS. Affected is an unknown routine of the component Smart USB Protection SMI Handler. Through manipulation with unknown data, an information ... read more
  • CVE-2022-32513 | Schneider Electric C-Bus Network Automation Controller prior 1.10.0 weak authentication (SEVD-2022-165-06)
    A critical vulnerability was discovered in Schneider Electric C-Bus Network Automation Controller, Wiser for C-Bus Automation Controller, Clipsal C-Bus Network Automation Controller, Clipsal Wiser for C-Bus Automation Controller, SpaceLogic C-Bus ... read more
  • CVE-2022-40134 | Lenovo BIOS SMI Set BIOS Password SMI Information Disclosure
    A vulnerability was identified in Lenovo BIOS. It has been rated as problematic. Affected is an unknown processing of the component SMI Set BIOS Password SMI Handler. Through manipulation with unknown data ... read more
  • CVE-2023-0591 | ubi-reader up to 0.8.4 UBIFS File ubireader_extract_files Directory Traversal
    A critical vulnerability was found in ubi-reader up to 0.8.4. It concerns the function ubireader_extract_files of the component UBIFS File Handler. Through manipulation with unknown data, a directory ... read more
  • CVE-2022-25979 | jsuites up to 5.0.0 Editor Cross Site Scripting (ID 134)
    A problematic vulnerability was discovered in jsuites up to 5.0.0. It concerns the function Editor. Manipulation with unknown data can be used to exploit a cross site scripting vulnerability. The advisory ... read more
  • Privacera connects to Dremio’s data lakehouse to aid data governance
    The integration of open-source based Privacera into Dremio’s data lakehouse is designed to allow joint customer enterprises to manage and organize secure data access. ... read more
  • CVE-2022-4898 | Octopus Server Help Sidebar cross site scripting
    A vulnerability was found in Octopus Server. It has been classified as problematic. This affects an unknown part of the component Help Sidebar. The manipulation leads to cross site scripting. ... read more
  • CVE-2022-40134 | Lenovo BIOS SMI Set BIOS Password SMI out-of-bounds
    A vulnerability was found in Lenovo BIOS. It has been declared as problematic. This vulnerability affects unknown code of the component SMI Set BIOS Password SMI Handler. The manipulation leads ... read more
  • CVE-2022-32517 | Schneider Electric Conext ComBox Frame improper restriction of rendered ui layers (SEVD-2022-165-03)
    A vulnerability has been found in Schneider Electric Conext ComBox and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Frame Handler. The manipulation leads ... read more
  • CVE-2022-32519 | Schneider Electric Data Center Expert prior 7.9.0 storing passwords in a recoverable format (SEVD-2022-165-04)
    A vulnerability was found in Schneider Electric Data Center Expert. It has been classified as problematic. This affects an unknown part. The manipulation leads to storing passwords in a recoverable ... read more
  • CVE-2022-32520 | Schneider Electric Data Center Expert prior 7.9.0 insufficiently protected credentials (SEVD-2022-165-04)
    A vulnerability was found in Schneider Electric Data Center Expert. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. This vulnerability ... read more
  • CVE-2022-32518 | Schneider Electric Data Center Expert prior 7.9.0 insufficiently protected credentials (SEVD-2022-165-04)
    A vulnerability was found in Schneider Electric Data Center Expert and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to insufficiently protected credentials. This ... read more
  • CVE-2022-4651 | Justified Gallery Plugin up to 1.7.0 on WordPress Shortcode Attribute Cross Site Scripting
    A problematic vulnerability was found in Justified Gallery Plugin up to 1.7.0. Affected is an unknown processing of the component Shortcode Attribute Handler. Through manipulation with unknown data, a cross ... read more
  • Trulioo launches end-to-end identity platform
    Identity verification firm Trulioo on Tuesday launched a new global identity platform for “person” and “business” verification. Trulioo so far sold multiple identity products, each operating in their own silos. ... read more
  • Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges
    Researchers from cybersecurity firm Proofpoint claim to have discovered a new threat campaign involving malicious third-party OAuth apps that are used to infiltrate organizations’ cloud environments. According to a ... read more
  • New UN cybercrime convention has a long way to go in a tight timeframe
    Cybercrime is a growing scourge that transcends borders, spreading across the boundaries of virtually all the world's nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation ... read more
  • Notice: JPCERT/CC Internet Threat Monitoring Report [October 1, 2022 - December 31, 2022]
    ... read more
  • NA – CVE-2022-46087 – CloudSchool v3.0.1 is vulnerable to Cross Site…
    CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user. ... read more
  • NA – CVE-2022-23334 – The Robot application in Ip-label Newtest…
    The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via ... read more
  • NA – CVE-2023-0581 – The PrivateContent plugin for WordPress is…
    The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to ... read more
  • NA – CVE-2022-26872 – AMI Megarac Password reset interception via API
    AMI Megarac Password reset interception via API ... read more
  • NA – CVE-2023-0512 – Divide By Zero in GitHub repository vim/vim…
    Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. ... read more
  • NA – CVE-2023-24830 – Improper Authentication vulnerability in Apache…
    Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3. ... read more
  • CVE-2016-15023 | SiteFusion Application Server up to 6.6.6 Extension getextension.php Directory Traversal (ID 67)
    A problematic vulnerability was found in SiteFusion Application Server up to 6.6.6. It affects an unknown function of the file getextension.php of the component Extension Handler. Through manipulation with unknown data ... read more
  • CVE-2022-4392 | iPanorama 360 Virtual Tour Builder Plugin up to 1.6.29 on WordPress Setting cross site scripting
    A vulnerability classified as problematic has been found in iPanorama 360 Virtual Tour Builder Plugin up to 1.6.29. This affects an unknown part of the component Setting Handler. The manipulation ... read more
  • CVE-2023-22895 | bzip2 up to 0.4.3 Large File mem.rs integer overflow
    A vulnerability was found in bzip2 up to 0.4.3. It has been classified as problematic. This affects an unknown part of the file mem.rs of the component Large File Handler. ... read more
  • CVE-2022-4196 | Multi Step Form Plugin up to 1.7.7 on WordPress cross site scripting
    A vulnerability was found in Multi Step Form Plugin up to 1.7.7 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The ... read more
  • CVE-2023-22898 | Pandora 1.3.0 ZIP Archive workers/extractor.py denial of service
    A vulnerability was found in Pandora 1.3.0. It has been declared as problematic. This vulnerability affects unknown code of the file workers/extractor.py of the component ZIP Archive Handler. The manipulation ... read more
  • CVE-2022-4368 | WP CSV Plugin up to 1.8.0.0 on WordPress CSV Import cross-site request forgery
    A vulnerability was found in WP CSV Plugin up to 1.8.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component CSV Import. The manipulation ... read more
  • CVE-2023-0018 | SAP BusinessObjects Business Intelligence Platform CMC Application Crystal Reports cross site scripting
    A vulnerability has been found in SAP BusinessObjects Business Intelligence Platform CMC Application 420/430 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Crystal ... read more
  • CVE-2022-4393 | ImageLinks Interactive Image Builder for Plugin up to 1.5.3 on WordPress Setting cross site scripting
    A vulnerability was found in ImageLinks Interactive Image Builder for Plugin up to 1.5.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the ... read more
  • CVE-2022-4497 | Jetpack CRM Plugin up to 5.4 on WordPress Shortcode Attribute cross site scripting
    A vulnerability was found in Jetpack CRM Plugin up to 5.4. It has been classified as problematic. Affected is an unknown function of the component Shortcode Attribute Handler. The manipulation ... read more
  • CVE-2022-23334 | Ip-label Newtest prior 8.5R0 Robot Application NEWTESTREMOTEMANAGER.EXE Privilege Escalation
    A vulnerability was found in Ip-label Newtest. It has been rated as problematic. This issue affects some unknown processing of the file NEWTESTREMOTEMANAGER.EXE of the component Robot Application. The manipulation ... read more
  • CVE-2022-26872 | AMI Megarac API password recovery
    A vulnerability classified as problematic has been found in AMI Megarac. Affected is an unknown function of the component API. The manipulation leads to weak password recovery. This vulnerability is ... read more
  • CVE-2023-0512 | vim up to 9.0.1246 divide by zero
    A vulnerability classified as problematic was found in vim up to 9.0.1246. Affected by this vulnerability is an unknown functionality. The manipulation leads to divide by zero. This vulnerability is ... read more
  • CVE-2022-25967 | eta up to 1.x Template Engine Configuration Remote Code Execution
    A problematic vulnerability was identified in eta up to 1.x. It concerns an unspecified function of the component Template Engine Configuration Handler. Manipulation with unknown data can ... read more
  • 91.00106
    Newly Added (2): Android/Banker.BSF!tr.spy, Android/SmsSpy.YN!tr.spy. Modified (10): Adware/DataEye!Android, Adware/MobiDash!Android, Android/Agent.JDU!tr, Android/Agent.JFW!tr, Android/Banker.BSO!tr.spy, Android/Cerberus.BL!tr.spy, Android/FakeApp.LY!tr, Android/FakeApp.QS!tr, Android/Obfus.RV!tr, Riskware/Application!Android ... read more
  • NA – CVE-2022-25936 – Versions of the package servst before 2.0.3 are…
    Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. ... read more
  • NA – CVE-2023-24612 – The PdfBook extension through 2.0.5 before…
    The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. ... read more
  • NA – CVE-2023-24622 – isInList in the safeurl-python package before…
    isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. ... read more
  • NA – CVE-2022-48303 – GNU Tar through 1.34 has a one-byte…
    GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been ... read more
  • NA – CVE-2022-25967 – Versions of the package eta before 2.0.0 are…
    Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. ... read more
  • NA – CVE-2023-24623 – Paranoidhttp before 0.3.0 allows SSRF because…
    Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. ... read more

MG Strategy+ Industrial Control Systems Group @2019

KAVI MGS iSTRACIN Platform v 02.25 Tuesday, January 31, 2023
