Missing validation causes denial of service via `LSTMBlockCell`
Impact: The implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate its input arguments. The result is a CHECK failure, which can be used to trigger a denial of service. The advisory's reproducer begins: `import tensorflow as tf; tf.raw_ops.LSTMBlockCell(x=tf.constant(0.837607, shape=[28,29], ...`
CVSS 5.5 | AI Score 3.3 | EPSS 0.001
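An added example, not from the TensorFlow advisory or code base, of the up-front argument validation the op is missing: it encodes the documented shape contract of `LSTMBlockCell` as checks that return or raise an ordinary error, so a malformed call is rejected instead of aborting the process on a CHECK. The shape relations are taken from the op's documentation; the argument names are the op's, the function names are mine, and the sample shapes are constructed.

```python
from typing import Dict, List, Sequence, Tuple

Shape = Sequence[int]

# Documented shape contract of tf.raw_ops.LSTMBlockCell (batch, input_size and
# cell_size are inferred from x and cs_prev):
#   x:       [batch, input_size]
#   cs_prev: [batch, cell_size]        h_prev: [batch, cell_size]
#   w:       [input_size + cell_size, 4 * cell_size]
#   wci, wcf, wco: [cell_size]         b: [4 * cell_size]
EXPECTED_RANK = {"x": 2, "cs_prev": 2, "h_prev": 2, "w": 2,
                 "wci": 1, "wcf": 1, "wco": 1, "b": 1}


def validate_lstm_block_cell_shapes(shapes: Dict[str, Shape]) -> List[str]:
    """Return every shape violation found (empty list means the call is consistent).

    Rank problems are reported first and stop the dimension checks, because the
    dimension checks index into the shapes and need the ranks to be right.
    """
    errors: List[str] = []
    missing = [name for name in EXPECTED_RANK if name not in shapes]
    if missing:
        return ["missing arguments: " + ", ".join(missing)]

    for name, rank in EXPECTED_RANK.items():
        if len(shapes[name]) != rank:
            errors.append(f"{name} must be rank {rank}, got shape {tuple(shapes[name])}")
    if errors:
        return errors

    batch, input_size = shapes["x"]
    cell_size = shapes["cs_prev"][1]
    expected: List[Tuple[str, Tuple[int, ...]]] = [
        ("cs_prev", (batch, cell_size)),
        ("h_prev", (batch, cell_size)),
        ("w", (input_size + cell_size, 4 * cell_size)),
        ("wci", (cell_size,)),
        ("wcf", (cell_size,)),
        ("wco", (cell_size,)),
        ("b", (4 * cell_size,)),
    ]
    for name, want in expected:
        got = tuple(shapes[name])
        if got != want:
            errors.append(f"{name} expected shape {want}, got {got}")
    return errors


def check_lstm_block_cell_shapes(shapes: Dict[str, Shape]) -> None:
    """Raise ValueError (a catchable error, not a process abort) on any violation."""
    errors = validate_lstm_block_cell_shapes(shapes)
    if errors:
        raise ValueError("LSTMBlockCell shape mismatch: " + "; ".join(errors))


if __name__ == "__main__":
    # Constructed shapes: a consistent set, then the same set with a bias vector
    # one element short, a mismatch the op should reject before doing any work.
    ok = {"x": (28, 29), "cs_prev": (28, 8), "h_prev": (28, 8), "w": (37, 32),
          "wci": (8,), "wcf": (8,), "wco": (8,), "b": (32,)}
    print(validate_lstm_block_cell_shapes(ok))                 # []
    print(validate_lstm_block_cell_shapes(dict(ok, b=(31,))))
```

The same pattern applies to any raw op called on shapes that come from untrusted model files: derive the free sizes once, express every other argument's shape in terms of them, and fail with an exception the caller can handle.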
A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. Manipulation of the argument Student Name leads to cross-site scripting. It is possible to...
AI Score 5.2 | EPSS 0.001
The Not-so-True People-Search Network from China
It's not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it's not every day you run across a....
AI Score 6.4
The version of PostgreSQL installed on the remote host is 11 prior to 11.22, 12 prior to 12.17, 13 prior to 13.13, 14 prior to 14.10, 15 prior to 15.5, or 16 prior to 16.1. As such, it is potentially affected by multiple vulnerabilities: Missing overflow checks let authenticated database users...
AI Score 8.1
In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A....
AI Score 6.7 | EPSS 0.0004
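An added example, not part of the CVE record or of any QUIC implementation, showing why an unconstrained spin bit is a channel: it pulls the bit out of the short-header first byte as laid out in RFC 9000, modulates it per packet to carry a byte, and computes the toggle ratio a passive observer could use to tell a per-packet-modulated bit from one that flips once per round trip or stays constant. The template first byte and the sample stream are constructed.

```python
from typing import List, Sequence

# Bit layout of the first byte of a QUIC short header (RFC 9000, section 17.3.1):
#   0x80 header form (0 = short), 0x40 fixed bit (always 1), 0x20 latency spin bit,
#   0x18 reserved, 0x04 key phase, 0x03 packet number length minus one.
FORM_BIT = 0x80
FIXED_BIT = 0x40
SPIN_BIT = 0x20


def is_short_header(first_byte: int) -> bool:
    return (first_byte & FORM_BIT) == 0 and (first_byte & FIXED_BIT) != 0


def spin_bit(first_byte: int) -> int:
    """Extract the spin bit; long headers carry no spin bit at all."""
    if not is_short_header(first_byte):
        raise ValueError(f"0x{first_byte:02x} is not a short-header first byte")
    return (first_byte & SPIN_BIT) >> 5


def encode_covert_byte(value: int, template: int = 0x41) -> List[int]:
    """Produce eight short-header first bytes whose spin bits spell `value`, MSB first.

    `template` 0x41 (constructed) = fixed bit set, key phase 0, 2-byte packet
    number; only the spin bit varies, so every packet still parses normally.
    """
    if not 0 <= value <= 0xFF:
        raise ValueError("value must fit in one byte")
    return [(template & ~SPIN_BIT) | (((value >> i) & 1) << 5) for i in range(7, -1, -1)]


def decode_covert_bytes(first_bytes: Sequence[int]) -> bytes:
    """Recover the bytes a cooperating receiver reads back out of the spin bits."""
    bits = [spin_bit(b) for b in first_bytes]
    if len(bits) % 8:
        raise ValueError("need a whole number of 8-packet groups")
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def spin_toggle_ratio(first_bytes: Sequence[int]) -> float:
    """Fraction of consecutive short-header packets across which the spin bit changed.

    A conforming sender changes the bit about once per round trip (RFC 9000,
    section 17.4), and a sender with the feature disabled should not change it at
    all, so a ratio near 0.5 over many packets per RTT is the signature of a
    per-packet-modulated bit, i.e. of the covert channel described above.
    """
    bits = [spin_bit(b) for b in first_bytes]
    if len(bits) < 2:
        return 0.0
    toggles = sum(1 for a, b in zip(bits, bits[1:]) if a != b)
    return toggles / (len(bits) - 1)


if __name__ == "__main__":
    covert = encode_covert_byte(0xA5)
    print([f"0x{b:02x}" for b in covert])
    print(decode_covert_bytes(covert))          # b'\xa5'
    print(spin_toggle_ratio(covert))            # 6/7
    print(spin_toggle_ratio([0x41] * 8))        # 0.0, bit held constant
```

The toggle ratio is a heuristic, not a detector: packet loss, reordering and the legitimate once-per-RTT flip all add noise, which is exactly why the specification's loose wording matters more than any single measurement.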
A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. Manipulation of the argument Address leads to cross-site scripting...
AI Score 6.2 | EPSS 0.001
spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is....
CVSS 5.7 | AI Score 7.1 | EPSS 0.0004
About the security content of tvOS 17.4
This document describes the security content of tvOS 17.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
AI Score 8.9 | EPSS 0.002
About the security content of iOS 17.4 and iPadOS 17.4
This document describes the security content of iOS 17.4 and iPadOS 17.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
AI Score 8.9 | EPSS 0.002
About the security content of watchOS 10.4
This document describes the security content of watchOS 10.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
AI Score 8.8 | EPSS 0.002
ToddyCat is making holes in your infrastructure
We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files (LoFiSe and PcExter). This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts...
AI Score 7.6
Top 6 Data Breaches That Cost Millions
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO of Apple Inc. The entire digital...
AI Score 6.7
Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery
Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there's a larger, more pressing question: What is the true financial impact of a cyberattack? According to research....
AI Score 7
This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at...
AI Score 7.2
1. EXECUTIVE SUMMARY: CVSS v4 9.4. ATTENTION: Exploitable from adjacent network / low attack complexity. Vendor: IOSiX. Equipment: IO-1020 Micro ELD. Vulnerabilities: Use of Default Credentials, Download of Code Without Integrity Check. 2. RISK EVALUATION: Successful exploitation of these...
AI Score 8.2 | EPSS 0.0004
Alpine tmail and dmail Buffer Overflow Vulnerabilities - Windows
Alpine is prone to buffer overflow...
AI Score 6.7 | EPSS 0.118
Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats
Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with...
AI Score 7.2
"Gotta Fly Now" is more closely associated with corporate hype videos or conferences with thousands of attendees in a mid-market city's convention center than it is from its origins in the "Rocky" movies. But Heather Couk thinks it's useful in incident response calls, too. Couk, an incident...
AI Score 7.3
About the security content of macOS Sonoma 14.4
This document describes the security content of macOS Sonoma 14.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
AI Score 8.9 | EPSS 0.962
Radamsa - A General-Purpose Fuzzer
Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main...
AI Score 7.5 | EPSS 0.964
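To make concrete what "reading sample files of valid data and generating interestingly different outputs" means, here is an added toy mutation fuzzer in the same spirit. It is not Radamsa's code: Radamsa ships many more mutators and pattern generators and reads real sample files, whereas this one has four mutators, a constructed JSON sample, and a hypothetical list of boundary tokens.

```python
import random
from typing import Callable, Dict, List

Mutator = Callable[[bytearray, random.Random], bytearray]

# Constructed sample of valid input; a real run would read sample files from disk.
SAMPLE_JSON = b'{"user": "alice", "role": "viewer", "quota": 1024}'

# Hypothetical tokens worth splicing in: NUL, an all-ones word, sign and overflow
# boundaries, a format string, a line break, an overlong UTF-8 sequence, a BOM,
# and delimiters that unbalance the structure.
INTERESTING = [b"\x00", b"\xff\xff\xff\xff", b"-1", b"2147483648", b"%n%s",
               b"\r\n", b"\xc0\xaf", b"\xef\xbb\xbf", b'"', b"{"]


def flip_bit(data: bytearray, rng: random.Random) -> bytearray:
    """Flip one random bit."""
    if data:
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    return data


def delete_range(data: bytearray, rng: random.Random) -> bytearray:
    """Drop 1 to 8 consecutive bytes."""
    if len(data) >= 2:
        start = rng.randrange(len(data))
        del data[start:start + rng.randint(1, min(8, len(data) - start))]
    return data


def repeat_range(data: bytearray, rng: random.Random) -> bytearray:
    """Duplicate a short chunk up to 64 times (length and nesting stress)."""
    if data:
        start = rng.randrange(len(data))
        chunk = bytes(data[start:start + rng.randint(1, min(16, len(data) - start))])
        data[start:start] = chunk * rng.randint(1, 64)
    return data


def insert_interesting(data: bytearray, rng: random.Random) -> bytearray:
    """Splice one of the boundary tokens in at a random offset (works on empty input)."""
    pos = rng.randrange(len(data) + 1)
    data[pos:pos] = rng.choice(INTERESTING)
    return data


MUTATORS: Dict[str, Mutator] = {
    "bf": flip_bit, "del": delete_range, "rep": repeat_range, "ins": insert_interesting,
}


def mutate(sample: bytes, seed: int, rounds: int = 3) -> bytes:
    """Apply `rounds` randomly chosen mutators; the same seed reproduces the case."""
    rng = random.Random(seed)
    data = bytearray(sample)
    for _ in range(rounds):
        data = MUTATORS[rng.choice(sorted(MUTATORS))](data, rng)
    return bytes(data)


def generate(samples: List[bytes], count: int, seed: int = 0) -> List[bytes]:
    """Produce `count` test cases, each derived from a randomly chosen sample."""
    rng = random.Random(seed)
    return [mutate(rng.choice(samples), rng.getrandbits(32)) for _ in range(count)]


if __name__ == "__main__":
    for case in generate([SAMPLE_JSON], 5, seed=2024):
        print(case[:80])
```

Seeding every case from its own 32-bit value is what makes a crash reproducible later: record the seed with the crash, and `mutate(sample, seed)` regenerates the exact input.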
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its....
AI Score 6.8
FreeBSD : chromium -- multiple vulnerabilities (64988354-0889-11eb-a01b-e09467587c17)
Chrome releases reports : This release contains 35 security fixes, including : [1127322] Critical CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11 [1126424] High CVE-2020-15968: Use after free in Blink. Reported by Anonymous on...
AI Score 8.7
Third-Party ChatGPT Plugins Could Lead to Account Takeovers
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and...
AI Score 6.8
AI and the Evolution of Social Media
Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation, business conspiracy, malfeasance, and risks to mental health. In a 2022...
AI Score 6.3
Fedora: Security Advisory for exim (FEDORA-2024-e0841c83bb)
The remote host is missing an update for...
AI Score 5.7 | EPSS 0.003
Fedora: Security Advisory for exim (FEDORA-2024-1ef6197a49)
The remote host is missing an update for...
AI Score 5.7 | EPSS 0.003
CVE-2024-23826 Uploading an image with a specific filename causes a server-side DoS
spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is....
AI Score 6.6 | EPSS 0.0004
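An added upload-filename policy illustrating the defensive side of the spbu_se_site entries above (the untitled record and the CVE-2024-23826 record). The root cause inside spbu_se_site is not stated on this page, so the example does not model it; it simply never lets the client's name reach the filesystem, bounds the client name before doing any work on it, and measures the final path in UTF-16 code units against the classic Windows MAX_PATH limit. The allow-list, the limits and the function names are assumed values for this illustration, not the project's.

```python
import os
import secrets
import unicodedata

# Assumed policy values for this illustration; the project's own limits are not on the page.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".webp"}
MAX_CLIENT_NAME_UNITS = 255   # cheapest check first: refuse huge names before any other processing
WINDOWS_MAX_PATH = 260        # classic MAX_PATH, counted in UTF-16 code units including the terminator
FORBIDDEN = set('\\/:*?"<>|')  # characters Windows rejects inside a path component


class UnsafeFilename(ValueError):
    """Raised instead of letting a client-controlled name reach the filesystem."""


def utf16_units(text: str) -> int:
    """Windows path limits count UTF-16 code units, not Python code points or UTF-8 bytes."""
    return len(text.encode("utf-16-le")) // 2


def extension_of(client_name: str) -> str:
    """Return the lower-cased, allow-listed extension of an uploaded name, or raise."""
    if utf16_units(client_name) > MAX_CLIENT_NAME_UNITS:
        raise UnsafeFilename("client filename too long")
    if any(ord(c) < 0x20 or c in FORBIDDEN for c in client_name):
        raise UnsafeFilename("control or reserved character in filename")
    # NFKC folds full-width and compatibility forms (".PNG" written in full-width
    # letters becomes ".PNG") before matching; it runs only after the length bound,
    # because normalisation can expand a string.
    ext = os.path.splitext(unicodedata.normalize("NFKC", client_name))[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UnsafeFilename(f"extension {ext!r} not allowed")
    return ext


def avatar_path(upload_dir: str, client_name: str) -> str:
    """Server-chosen storage path: only the validated extension survives from the client."""
    stored = secrets.token_hex(16) + extension_of(client_name)
    path = os.path.join(upload_dir, stored)
    if utf16_units(path) >= WINDOWS_MAX_PATH:
        raise UnsafeFilename("resulting path would exceed MAX_PATH")
    return path


if __name__ == "__main__":
    print(avatar_path("uploads", "me.PNG"))
    try:
        avatar_path("uploads", "\u0416" * 5000 + ".png")
    except UnsafeFilename as e:
        print("rejected:", e)
```

The ordering matters: the length bound runs before normalisation, regex work or any filesystem call, so an oversized name costs one encode and one comparison rather than whatever the downstream code would have done with it.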
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1895)
The remote host is missing an update for the Huawei...
AI Score 7 | EPSS 0.969