Exploit for Integer Overflow or Wraparound in Linux Linux Kernel
Linux kernel release 4.x http://kernel.org/ These are the...
7.8 CVSS
8.2 AI Score
0.0004 EPSS
Exploit for Integer Overflow or Wraparound in Linux Linux Kernel
Linux kernel release 3.x http://kernel.org/ These are the...
7.8 CVSS
8.2 AI Score
0.0004 EPSS
Basket range formula is inefficient, leading the protocol to an unnecessary haircut
Lines of code / Vulnerability details / Impact: The BackingManager.manageTokens() function checks whether any collateral token is in deficit; if one is, and another collateral token has a surplus, it trades that surplus to cover the deficit, otherwise it takes a 'haircut' and cuts the amount of basket....
6.7 AI Score
Issue Overview: Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a...
8.8 CVSS
9.3 AI Score
0.022 EPSS
Git is a distributed revision control system. gitattributes are a mechanism that allows defining attributes for paths. These attributes can be defined by adding a .gitattributes file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this...
9.8 CVSS
2.5 AI Score
0.013 EPSS
Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is an integer overflow in...
9.8 CVSS
4.5 AI Score
0.003 EPSS
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...
8.6 CVSS
7.5 AI Score
0.001 EPSS
Booklist Review of A Hacker’s Mind
Booklist reviews A Hacker's Mind: Author and public-interest security technologist Schneier (Data and Goliath, 2015) defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system […] at the expense of someone else affected by the system.” In accessing the...
-0.1 AI Score
Happy 20th Birthday TaoSecurity Blog
Happy 20th birthday TaoSecurity Blog, born on 8 January 2003. Thank you Blogger. Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security...
-0.7 AI Score
A week in security (December 12 - 18)
Last week on Malwarebytes Labs: Indiana sues TikTok, describes it as "Chinese Trojan Horse"; Iranian hacking group uses compromised email accounts to distribute MSP remote access tool; Electronic Sales Suppression Tools are cooking the books; Silence is golden partner for Truebot and Cl0p ransomware...
0.7 AI Score
Last week, I hosted a two-day workshop on reimagining democracy. The idea was to bring together people from a variety of disciplines who are all thinking about different aspects of democracy, less from a "what we need to do today" perspective and more from a blue-sky future perspective. My remit...
-0.2 AI Score
Electronic Sales Suppression Tools are cooking the books
When you see point of sale software in the news, it's usually because the terminal has been compromised and is now stealing payment details used in the device. Insecure stores, whether compromised as part of an inside job or a phishing attack, are a big problem for both buyers and the store itself....
-0.4 AI Score
What does ChatGPT know about API Security?
There is no doubt that you have heard about and seen OpenAI's latest brilliant creation, ChatGPT. It can write poems, speak many languages, answer questions, play chess, write code and impress everyone. In this post, we show a few more examples of how good this AI model is at cybersecurity, in particular in API....
-0.1 AI Score
This article talks about public land in the US that is completely surrounded by private land, which in some cases makes it inaccessible to the public. But there's a hack: Some hunters have long believed, however, that the publicly owned parcels on Elk Mountain can be legally reached using a...
1 AI Score
Can ChatGPT be used to attack your APIs? | API Security Newsletter
The (winter) solstice is fast approaching, along with the end-of-year holidays - before we know it, it'll be 2023 already! And with the fall behind us, our hive has been busy putting the finishing touches on many new and improved capabilities – such as weak JWT detection, API Abuse Prevention, API....
9.8 CVSS
0.2 AI Score
0.013 EPSS
Existential Risk and the Fermi Paradox
We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hacker's Mind (coming in February 2023), I write: Our societal systems, in general, may have grown fairer and...
0.1 AI Score
Who tracked internet users in 2021–2022
Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked devices collect data on you with the help of trackers installed on web pages or in software. The websites and services send...
1.2 AI Score
Best of TaoSecurity Blog Kindle Edition Sale
I'm running a #BlackFriday #CyberMonday sale on my four newest #Kindle format books. Volumes 1-4 of The Best of TaoSecurity Blog will be half off starting 9 pm PT Tuesday 22 Nov and ending 9 pm PT Tuesday 29 Nov. They are here. There also appears to be a daily deal right now for the paperback of...
0.6 AI Score
First Review of A Hacker’s Mind
Kirkus reviews A Hacker's Mind: A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost. Schneier, a professor at Harvard Kennedy School and author of such books as Data and Goliath and Click Here To Kill Everybody,...
AI Score
A Bootiful Podcast: Java Champion, legendary engineer, and teacher Trisha Gee
Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Java Champion, legendary engineer, and teacher Trisha Gee (@trisha_gee) about her extraordinary career working at organizations like LMAX, MongoDB, and JetBrains, and her new books, Head First Java and Getting to Know IntelliJ...
2.6 AI Score
flatpak bug fix and enhancement update
An update is available for zaf, hyphen-uk, libpagemaker, hyphen-ca, hunspell-et, hyphen-eu, hyphen-ga, libvisio, raptor2, hunspell-ta, mythes-nl, hunspell-lt, hunspell-sk, ongres-scram, hunspell-hu, libshout, hunspell-nso, poppler, hunspell-nl, hunspell-hi, openjpeg2, libabw, hunspell-es,...
-0.1 AI Score
I have a new book coming out in February. It's about hacking. A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back isn't about hacking computer systems; it's about hacking more general economic, political, and social systems. It generalizes the term hack as a means of.....
AI Score
books-library.net Cross Site Scripting vulnerability OBB-3046718
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1 AI Score
Tor domain remains online after Feds seize Z-Library websites
By Waqas. Z-Library offered pirated e-books for free and proved a suitable alternative to expensive originals. This is a post from HackRead.com. Read the original post: Tor domain remains online after Feds seize Z-Library...
1.4 AI Score
Security update for MozillaThunderbird (important)
An update that fixes 12 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 102.4.0 (bsc#1204421) changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile...
7.5 CVSS
-0.1 AI Score
0.002 EPSS
Adversarial ML Attack that Secretly Gives a Language Model a Point of View
Machine learning security is extraordinarily difficult because the attacks are so varied--and it seems that each new one is weirder than the next. Here's the latest: a training-time attack that forces the model to exhibit a point of view: Spinning Language Models: Risks of Propaganda-As-A-Service.....
0.4 AI Score
Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens
The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall. "Since June 2021, it has been distributed as a translation app via a copycat of an Iranian...
0.7 AI Score
In August, the US Treasury's Office of Foreign Assets Control (OFAC) sanctioned the cryptocurrency platform Tornado Cash, a virtual currency "mixer" designed to make it harder to trace cryptocurrency transactions--and a worldwide favorite money-laundering platform. Americans are now forbidden from....
-0.2 AI Score
Cyber Security Framework: Back to Basics
Dr. Ivan Pavlov once said: "If you want new ideas, read old books." The same applies to cybersecurity best practices. Discover how you can extend a basic cyber security framework to reduce systems and employee security...
2.3 AI Score
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call...
7.6 AI Score
0.019 EPSS
The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer...
7.7 AI Score
0.015 EPSS
Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .azw file. NOTE: some of these details are obtained from third party...
6.7 AI Score
0.0004 EPSS
Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .azw file. NOTE: some of these details are obtained from third party...
6.5 AI Score
0.0004 EPSS
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different....
6.8 AI Score
0.005 EPSS
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different....
6.6 AI Score
0.005 EPSS
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than...
7.5 AI Score
0.005 EPSS
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than...
7.2 AI Score
0.005 EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7)...
5.8 AI Score
0.004 EPSS
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7).....
5.9 AI Score
0.004 EPSS
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2)...
6.8 AI Score
0.005 EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7)....
5.9 AI Score
0.003 EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7)....
5.8 AI Score
0.003 EPSS
Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack...
6.8 AI Score
0.002 EPSS
SUSE SLES12 Security Update : libcaca (SUSE-SU-2022:3428-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3428-1 advisory. A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local...
7.8 CVSS
7.9 AI Score
0.0004 EPSS