59 matches found
From Frontier to Shadow AI: A Simmering Threat to Assurance and Security in Critical Infrastructure
Frontier AI systems, including large language models and emerging agentic AI tools, offer significant operational benefits but present unique challenges to critical infrastructure (CI) environments due to their non-deterministic and emergent properties. While formal adoption is inherently cautious...
xrdp security vulnerabilities
xrdp is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of xrdp prior to v0.10.5 contained security vulnerabilities. These vulnerabilities stemmed from improper boundary checking when processing user domain information, which could lead to stack-based buffer...
EUVD-2018-0171
Malware in sbrugna...
Usage of unsafe random function in form-data for choosing boundary
...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return an error if the block header exceeds the size of the remaining data in the file. If the block header is longer than the amount of data remaining in the file, cs_dsp_power_up will return an error. The previou...
Debian dla-3374 : libmicrohttpd-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3374 advisory. Debian LTS Advisory DLA-3374-1 https://www.debian.org/lts/security/...
Cisco IOS XE Software Input Validation Error Vulnerability
Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that stems from insufficient...
Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability
A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could...
GNU libmicrohttpd Buffer Error Vulnerability
GNU libmicrohttpd is an application from the American GNU community that runs an HTTP server as part of another application. A security vulnerability exists in GNU libmicrohttpd versions prior to 0.9.76, which stems from improperly resolved data boundaries and can be exploited by an attacker to cause...
CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...
Adobe InDesign Buffer Error Vulnerability
Adobe InDesign is a set of layout and editing applications from the American company Adobe. A code execution vulnerability exists in Adobe InDesign. The vulnerability arises from a networked system or product that does not properly validate data boundaries when performing operations in...
Adobe Framemaker Buffer Error Vulnerability
Adobe Framemaker is a set of page layout software from the American company Adobe for writing and editing large or complex documents, including structured documents. A security vulnerability exists in Adobe Framemaker. The vulnerability stems from a networked system or product th...
Adobe After Effects Buffer Error Vulnerability
Adobe After Effects is a suite of visual effects and motion graphics software from Adobe, Inc. A buffer overflow vulnerability exists in Adobe After Effects, which stems from a failure to properly validate data boundaries when performing operations on memory, and can be exploited by remote...
Adobe Audition Buffer Error Vulnerability
Adobe Audition is a set of multi-track editing tools from Adobe. Adobe Audition suffers from a buffer overflow vulnerability that originates when a networked system or product does not properly validate data boundaries when performing operations in memory, resulting in incorrect read and write...
Mozilla Firefox Buffer Error Vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A buffer overflow vulnerability exists in Mozilla Firefox, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect re...
D-Link DIR-809 Buffer Error Vulnerability
A buffer overflow vulnerability exists in the D-Link DIR-809, a dual-band router from D-Link, China, which stems from the failure of the sub_8003183C function in the product/fromLogin link to effectively determine data boundaries. An attacker could cause a buffer overflow resulting in a denial of...
Moddable SDK Buffer Error Vulnerability
Moddable SDK is a software development kit (SDK) for IoT embedded software development from Moddable (U.S.). A security vulnerability exists in the Moddable SDK, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulti...
AMD System Management Unit Buffer Error Vulnerability
The AMD System Management Unit (SMU) is a system management unit of AMD Corporation. The AMD System Management Unit suffers from a buffer error vulnerability that originates when a networked system or product performs an operation in memory without properly validating data boundaries, resulting in ...
Mediatek Chip Buffer Error Vulnerability
The Mediatek chip is a smartphone chipset from China's MediaTek. A buffer error vulnerability exists in the Mediatek chips, which can be exploited by an attacker to cause a denial of service, due to the product's failure to adequately check data boundaries...
ROS-2-2224
2.2224 Multiple vulnerabilities in libwebp 1. Vulnerability Description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...