648 matches found
Trend Micro Endpoint Encryption PolicyServer SQL注入漏洞
Trend Micro Endpoint Encryption PolicyServer is a centralized management server from Trend Micro. A security vulnerability exists in Trend Micro Endpoint Encryption PolicyServer that stems from a SQL injection issue that could result in elevated privileges...
Evaluating the Impact of Privacy-Preserving Federated Learning on CAN Intrusion Detection
The challenges derived from the data-intensive nature of machine learning in conjunction with technologies that enable novel paradigms such as V2X and the potential offered by 5G communication, allow and justify the deployment of Federated Learning FL solutions in the vehicular intrusion detectio...
Important: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.4.9 security updates and bug fixes
Multicluster Engine for Kubernetes 2.4.9 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
Transaction Proximity: a Graph-Based Approach to Blockchain Fraud Prevention
This paper introduces a fraud-deterrent access validation system for public blockchains, leveraging two complementary concepts: "Transaction Proximity", which measures the distance between wallets in the transaction graph, and "Easily Attainable Identities EAIs", wallets with direct transaction...
The vulnerability of the software for centralized backup and disaster recovery management in Dell PowerProtect Data Manager lies in the lack of mechanisms for encoding or shielding output data. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Dell PowerProtect Data Manager’s centralized backup and recovery software lies in the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
CVE-2016-15007
A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to...
Towards Centralized Orchestration of Cyber Protection Condition (CPCON)
The United States Cyber Command USCYBERCOM Cyber Protection Condition CPCON framework mandates graduated security postures across Department of Defense DoD networks, but current implementation remains largely manual, inconsistent, and error-prone. This paper presents a prototype system for...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.
Red Hat Developer Hub 1.6.0 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
Privacy-Aware Berrut Approximated Coded Computing Applied to General Distributed Learning
Coded computing is one of the techniques that can be used for privacy protection in Federated Learning. However, most of the constructions used for coded computing work only under the assumption that the computations involved are exact, generally restricted to special classes of functions, and...
Centralized Trust in Decentralized Systems: Unveiling Hidden Contradictions in Blockchain and Cryptocurrency
Blockchain technology promises to democratize finance and promote social equity through decentralization, but questions remain about whether current implementations advance or hinder these goals. Through a mixed-methods study combining semi-structured interviews with 13 diverse blockchain...
Exploring the Susceptibility to Fraud of Monetary Incentive Mechanisms for Strengthening FOSS Projects
Free and open source software FOSS is ubiquitous on modern IT systems, accelerating the speed of software engineering over the past decades. With its increasing importance and historical reliance on uncompensated contributions, questions have been raised regarding the continuous maintenance of FO...
The software of the centralized backup and disaster recovery system of Dell PowerProtect Data Manager is vulnerable due to errors in the use of privileged application programming interfaces (APIs). This vulnerability allows a malicious individual to escalate their privileges.
The vulnerability of the software for centralized backup and disaster recovery management in Dell PowerProtect Data Manager is related to errors when privileged application programming interfaces are used. Exploiting this vulnerability can allow an attacker to gain increased privileges...
Important: Red Hat Security Advisory: multicluster Engine for Kubernetes 2.6.7 container updates
multicluster engine for Kubernetes 2.6.7 General Availability release images, with updates to container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Receive Remote rsyslog Messages Only on A Specified Log Host
By default, rsyslog does not listen on log messages from a remote system. Log message listening via TCP is performed in a similar way to log message listening via UDP, both requiring rsyslog to load a module, that is, the imtcp.so module and the imudp.so module respectively. The TCP/UDP port to b...
kob 安全漏洞
kob is an open source centralized job scheduling system from Ke Technologies that defines a task scheduling model and enables unified management and monitoring of task scheduling. A security vulnerability exists in kob version v1.0.0, which stems from improper access control of the doFilter...
AI-Based Crypto Tokens: the Illusion of Decentralized AI?
The convergence of blockchain and artificial intelligence AI has led to the emergence of AI-based tokens, which are cryptographic assets designed to power decentralized AI platforms and services. This paper provides a comprehensive review of leading AI-token projects, examining their technical...
Securing GenAI Multi-Agent Systems against Tool Squatting: a Zero Trust Registry-Based Approach
The rise of generative AI GenAI multi-agent systems MAS necessitates standardized protocols enabling agents to discover and interact with external tools. However, these protocols introduce new security challenges, particularly; tool squatting; the deceptive registration or representation of tools...
Redefining Hybrid Blockchains: a Balanced Architecture
Blockchain technology has completely revolutionized the field of decentralized finance with the emergence of a variety of cryptocurrencies and digital assets. However, widespread adoption of this technology by governments and enterprises has been limited by concerns regarding the technology's...
Oracle WebLogic Server (April 2025 CPU)
The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by a vulnerability as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Apache...
CVE-2025-24859 Apache Roller: Insufficient Session Expiration on Password Change
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This...