PT-2021-18312 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0, TensorFlow version 2.4.2, TensorFlow version 2.3.3, TensorFlow version 2.2.3, TensorFlow version 2.1.4. Description: An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw...
PT-2024-11108 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the f2fs file system in the Linux kernel. In CP disabling mode, there are two issues when using LFS or SSR | AT SSR mode to select a victim. The first issue is...
CVE-2021-3007
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...
CVE-2020-28188
Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. Recent assessments: gwillcox-r7 at January 21, 2021 3:28am UTC reported: Noted as exploited in the wild by CheckPoint...
Steam vulnerabilities allowed remote take over of users’ computers
By Waqas In total, CheckPoint researchers found 4 vulnerabilities all allowing attackers to harm Steam and those using 3rd party game server. This is a post from HackRead.com Read the original post: Steam vulnerabilities allowed remote take over of users computers...
A New Flaw In Zoom Could Have Let Fraudsters Mimic Organisations
In a report shared with The Hacker News, researchers at cybersecurity firm CheckPoint today disclosed details of a minor but easy-to-exploit flaw they reported in Zoom, the highly popular and widely used video conferencing software. The latest Zoom flaw could have allowed attackers mimic an...
Microsoft DNS Server Remote Code Execution (SIGRed)
According to its self-reported version number, the Microsoft DNS Server running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System...
CVE-2020-1350 Windows DNS Server Remote Code Execution (SigRed)
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka ‘Windows DNS Server Remote Code Execution Vulnerability’. Recent assessments: gwillcox-r7 at July 14, 2020 6:11pm UTC reported: Important Update: This is now supposed...
'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison
The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed...
How to Test the Creation of Production Checkpoints in Hyper-V 2016 and Newer
Purpose This article documents how to force Hyper-V 2016 or newer to create a Production Checkpoint. Cause Forcing Hyper-V to create a Checkpoint in ProductionOnly mode is used as an isolation step when troubleshooting a Veeam job that fails to create a Recovery Checkpoint with Application-Aware...
Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
Remember the Reverse RDP Attack? Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely. You can find details and a video demonstration for...
Agent Smith Android malware has infected 25 million devices so far
By Waqas Agent Smith malware exploits Android vulnerabilities to target unsuspected users for credential stealing. The IT security researchers at CheckPoint have discovered a new variant of smartphone malware whose primary target is Android devices and so far the malware has infected more than 25...
China's Border Guards Secretly Installing Spyware App on Tourists' Phones
Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang XUAR is an autonomous territory and home to many Muslim ethnic...
Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability
Description: Linux Kernel is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Technologies Affected: Bluecoat Mail Threat Defense 1.1, Bluecoat Malware Analysis Appliance 4.2, Bluecoat PacketShaper S-Series 11.10, Bluecoat...
Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers ...
Integer Overflow or Wraparound in Google TensorFlow
Issue Description Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. The block size in meta file might contain a large int64 value which causes an integer overflow upon addition. Subsequent code using n as index may...
August 30, 2018—KB4343893 (OS Build 16299.637)
August 30, 2018—KB4343893 OS Build 16299.637 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in Microsoft Foundation Class MFC applications that may cause applications t...
runc security update
1.0.0-19.rc5.git4bb1fe4.0.3.el7 - Apply patch for CVE-2019-5736 Wiekus Beukes 1.0.0-19.rc5.git4bb1fe4.0.2.el7 - update Go version to 1.10.8, fix version string Laszlo Laca Peter 1.0.0-19.rc5.git4bb1fe4.0.1.el7 - Tuning .spec file 2:1.0.0-19.rc5.git4bb1fe4 - release v1.0.0rc5...
Vulnerability in Drone giant DJI exposed users’ photos & other sensitive data
By Waqas Researchers at security firm CheckPoint identified a vulnerability in the website and apps of the popular consumer drone manufacturer DJI. The vulnerability was revealed on Thursday after DJI managed to fix the flaw. Though, it took DJI around six months to fully address the security fla...