PT-2024-2641 · Dji · Dji Matrice 300 +6
Name of the Vulnerable Software and Affected Versions: DJI Mavic 3 Pro versions prior to v01.01.0300; DJI Mavic 3 versions prior to v01.00.1200; DJI Mavic 3 Classic versions prior to v01.00.0500; DJI Mavic 3 Enterprise versions prior to v07.01.10.03; DJI Matrice 300 versions prior to v57.00.01.00; DJI...
PT-2024-12054 · Unknown · Ladle Dev Server
Name of the Vulnerable Software and Affected Versions: Ladle Dev Server versions 2.5.1 and earlier Description: A Directory Traversal issue allows an attacker on the same network to read files accessible to the user via GET requests. This can be exploited by sending requests to specific API...
RLSA-2024:1503 Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: code injection and privilege escalation through Linux capabilities CVE-2024-21892 nodejs: reading unprocessed HTTP request with unbounded...
OpenJDK: arbitrary Java code execution in Nashorn (8314284)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...
Licensing AI Engineers
The debate over professionalizing software engineers is decades old. The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers. Heres a law journal article recommending the same idea for AI engineers. This Article proposes...
CVE number withdrawn
ROS2 Humble Hawksbill is an open source set of software libraries and tools for ROS2. It can help build robotics applications. This CVE number has been withdrawn...
[SECURITY] Fedora 40 Update: pgadmin4-8.4-2.fc40
pgAdmin is the most popular and feature-rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
[SECURITY] Fedora 40 Update: pgadmin4-8.4-1.fc40
pgAdmin is the most popular and feature-rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
CVE-2024-29180
CVE-2024-29180 affects the webpack-dev-middleware development middleware used with webpack-dev-server/webpack-dev-middleware. The vulnerability arises from improper URL unescaping/normalization before parsing the requested file, allowing path traversal via sequences like %2e and %2f to access loc...
Public AI as an Alternative to Corporate AI
This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. It's nothing I haven't said here before, but for anyone who hasn't read my longer essays on the topic, it's a shorter introduction. The increasingly centralized control of AI is an ominous sign. When tech...
CVE-2024-27094
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Cisco Talos disclosed several vulnerabilities in JustSystems Ichitaro Word Processor last year. These vulnerabilities were complex and were discovered through extensive reverse engineering. CVE-2023-35126 and its peers CVE-2023-34366, CVE-2023-38127, and CVE-2023-38128 were each assessed as...
Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 For more details about the security...
Repository for Software Attestation and Artifacts Now Live
Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts. Software producers that provide the government software can fill out the form to attest to implementation of...
CVE-2024-27757
flusity CMS through 2.45 allows tools/addonsmodel.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."...
PHP Development Server < 7.4.22 Source Disclosure
In PHP versions prior to 7.4.22, when the integrated web server is used, an attacker can, with a specially forged request, obtain the source code due to improper handling of multiple requests in quick succession, leading to the server treating requested files as static files instead of executing...
A vulnerability in the Azure SDK software development kit, caused by errors in how information is represented in the user interface, allows attackers to perform spoofing attacks.
The vulnerability in the Azure SDK software development kit stems from errors in how information is represented by the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...