Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access
Four different Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF) attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API...
4 Places to Supercharge Your SOC with Automation
It's no secret that the job of SOC teams continues to become increasingly difficult. Increased volume and sophistication of attacks are plaguing under-resourced teams with false positives and analyst burnout. However, like many other industries, cybersecurity is now beginning to lean on and benef...
PT-2023-1180 · Oracle · Oracle Learning Management +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Setup component of the Oracle Learning Management product. This can be exploited by a remote attacker to...
XSS Vulnerability in Study Pass
Study Pass is a free app developed by Beijing Century Superstar Information Technology Development Limited Liability Company in 2016 that integrates mobile teaching, mobile learning, mobile reading and mobile socializing, and supports mobile only Android / iOS / Harmony OS. XSS vulnerability exis...
scikit-learn: Denial of Service
Background scikit-learn is a machine learning library for Python. Description When supplied with a crafted model SVM, predict can result in a null pointer dereference. Impact An attacker capable of providing a crafted model to scikit-learn can result in denial of service. Workaround There is no...
Recovering Smartphone Voice from the Accelerometer
Yet another smartphone side-channel attack: "EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers": Abstract: Eavesdropping from the user's smartphone is a well-known threat to the user's safety and privacy. Existing studies show that loudspeaker reverberatio...
LinkedIn: Attackers do not need to Pay for a Subscription to get the `Discussion Group URL` in `Paid Learning`
Vulnerability description not provided...
Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report
We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture. Wi...
Shennina - Automating Host Exploitation With AI
Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being...
LinkedIn: Delete any LinkedIn comment on learning API of other users
Vulnerability description not provided...
ai.djl.spring:djl-spring-boot-starter-tensorflow-auto (>=0.15 <=0.18), ai.djl.tensorflow:tensorflow-api (>=0.15.0 <=0.18.0) +7125 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-java (>=3.17.0 <=3.19.5)
com.google.protobuf:protobuf-java MAVEN version =3.17.0, =0.15, =0.15.0, =0.15.0, =0.15.0, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.0.1, =2.8.4-alpha1, =3.0.1-alpha1 and more Source cves: CVE-2022-3510...
Google TensorFlow buffer overflow vulnerability (CNVD-2023-03936)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google TensorFlow 2.11.0, which can be exploited by attackers to cause out-of-bounds memory reads or crashes...
[SECURITY] Fedora 36 Update: moodle-3.11.11-1.fc36
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
[SECURITY] Fedora 35 Update: moodle-3.11.11-1.fc35
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
ILIAS Cross-Site Scripting Vulnerability
ILIAS is an open source learning management system. A security vulnerability exists in ILIAS versions prior to 7.16. An attacker exploited the vulnerability to execute a cross-site scripting attack...
ILIAS OS Command Injection Vulnerability
ILIAS is an open source learning management system. A security vulnerability exists in ILIAS versions prior to 7.16. An attacker exploited the vulnerability to perform OS command injection attacks...
CVE-2022-41910
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
CVE-2022-41910
TensorFlow CVE-2022-41910 affects MakeGrapplerFunctionItem: if input sizes are >= output sizes, it triggers out-of-bounds memory reads or a crash. A fix was committed (a65411a1d69edfb16b25907ffb8f73556ce36bb7) and will be included in TensorFlow 2.11.0, with cherry-picks planned for 2.8.4, 2.9....
CVE-2022-41902 Out of bounds write in grappler in Tensorflow
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
CVE-2022-41902
CVE-2022-41902 in TensorFlow describes an out-of-bounds read/crash caused by MakeGrapplerFunctionItem input-size handling. A GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7 fixes the issue, and the fix will be released in TensorFlow 2.11.0. The same patch has been cherry-picked to TensorFl...