842 matches found

Huntr
added 2025/02/02 1:21 p.m. · 4 views

A DoS attack occurred in run-llama/llama_index due to inappropriate secure coding measures

Description: A DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, and this issue has been reported; see the link below. Huntr Report: https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8 However, due to the developer's...

CVSS 7.5 · AI score 7.9 · EPSS 0.00162
Exploits: 1

The Hacker News
added 2025/01/30 4:25 p.m. · 15 views

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their...

AI score 7.3
Exploits: 0

CNNVD
added 2025/01/21 12:0 a.m. · 2 views

WordPress plugin Poll Maker Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 5.3 · AI score 8.2 · EPSS 0.00248
Exploits: 0 · References: 2

CVE
added 2025/01/15 1:5 p.m. · 149 views

CVE-2024-57892

CVE-2024-57892 relates to the Linux kernel OCFS2 quota handling. The issue is a slab-use-after-free when remounting an ocfs2 filesystem as read-only and a quota_getnextquota syscall is used. The root cause is a dangling dqi_priv pointer that is freed during remount but not cleared, combined with ...

CVSS 7.8 · AI score 6.5 · EPSS 0.00019
Exploits: 0 · References: 9 · Affected Software: 1

NVD
added 2025/01/02 10:15 a.m. · 7 views

CVE-2024-56028

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lemonadestudio Lemonade Social Networks Autoposter Pinterest lemonade-sna-pinterest-edition allows Reflected XSS. This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through =...

CVSS 7.1 · EPSS 0.00195
Exploits: 0 · References: 1

Cvelist
added 2025/01/02 9:23 a.m. · 16 views

CVE-2024-56028 WordPress Lemonade Social Networks Autoposter Pinterest plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lemonadestudio Lemonade Social Networks Autoposter Pinterest lemonade-sna-pinterest-edition allows Reflected XSS. This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through =...

CVSS 7.1 · EPSS 0.00195
Exploits: 0 · References: 1

CVE
added 2025/01/02 9:23 a.m. · 53 views

CVE-2024-56028

CVE-2024-56028 is a Reflected XSS in the Lemonade Social Networks Autoposter Pinterest WordPress plugin. Affected: Lemonade SNA Pinterest edition up to version 2.0 (from n/a through 2.0). Root cause: improper neutralization of input during web page generation. Impact: allows attacker to inject sc...

CVSS 7.1 · AI score 7.2 · EPSS 0.00195
Exploits: 0 · References: 1

GithubExploit
added 2024/12/23 9:16 a.m. · 95 views

Exploit for SQL Injection in Janobe Vehicle_Management_System

CVE-2024-48245 SQL Injection Vulnerability in Vehicle Manageme...

CVSS 7.2 · AI score 9.9 · EPSS 0.04525
Exploits: 1

Ubuntu
added 2024/12/18 9:48 a.m. · 16 views

USN-7168-1: EditorConfig vulnerabilities

It was discovered that EditorConfig improperly managed memory when handling certain inputs, leading to overflows. An attacker could possibly use these issues to cause a denial of service, or execute arbitrary code...

CVSS 7.8 · AI score 7.6 · EPSS 0.00789
Exploits: 1

Imperva Blog
added 2024/11/19 9:45 p.m. · 7 views

Imperva and the Secure by Design Pledge: A Commitment to Cybersecurity Excellence

The Cybersecurity and Infrastructure Security Agency (CISA) has introduced a voluntary "Secure by Design Pledge" for enterprise software manufacturers, focusing on improving the security of their products and services. This pledge outlines seven key principles, forming the core of a robust...

AI score 8.1
Exploits: 0

Microsoft CVE
added 2024/11/09 8:0 a.m. · 2 views

media: mediatek: vcodec: Fix H264 stateless decoder smatch warning

...

CVSS 5.5 · AI score 6.9 · EPSS 0.00035
Exploits: 0

SUSE CVE
added 2024/10/21 3:46 p.m. · 2 views

SUSE CVE-2024-47738

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't use rate mask for offchannel TX either. Like the commit ab9177d83c04 ("wifi: mac80211: don't use rate mask for scanning"), ignore incorrect settings to avoid no supported rate warning reported by syzbot. The...

CVSS 5.5 · AI score 6.4 · EPSS 0.00015
Exploits: 0 · References: 19

The Hacker News
added 2024/10/09 1:33 p.m. · 19 views

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview tha...

AI score 7.2
Exploits: 0

Positive Technologies
added 2024/10/02 12:0 a.m. · 1 views

PT-2024-39633 · Unknown · Slim Select

Name of the Vulnerable Software and Affected Versions: Slim Select versions 2.0 through 2.9.0. Description: The issue is a potential cross-site scripting vulnerability. In the createOption function, the text variable from the user-provided Options object is assigned to an innerHTML without...

CVSS 6.1 · AI score 6.5 · EPSS 0.00256
Exploits: 1 · References: 13

The Hacker News
added 2024/09/25 5:0 p.m. · 29 views

Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 68%

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding fo...

CVSS 7.8 · AI score 7.4 · EPSS 0.00134
Exploits: 0

RedHat Linux
added 2024/09/24 12:40 a.m. · 1 views

kernel: null pointer when load rlc firmware

A vulnerability was found in the drm/amdgpu driver of the Linux kernel, causing a null pointer dereference when attempting to load RLC (Run-Length Coding) firmware. This issue arises if the firmware has an incorrect header size, causing premature release of the firmware pointer in amdgpu_ucode_request,...

CVSS 5.5 · AI score 6.8 · EPSS 0.00015
Exploits: 0 · References: 5

Schneier on Security
added 2024/09/17 11:2 a.m. · 7 views

Python Developers Targeted with Malware During Fake Job Interviews

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article: These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign agains...

AI score 7.5
Exploits: 0

Imperva Blog
added 2024/09/16 12:0 p.m. · 9 views

Cursor’s Magic Comes with a Catch: The Trust Setting You’re Missing

Occasionally, a new AI tool emerges unexpectedly and dominates the conversation on social media. This time, that tool is Cursor, an AI coding platform that’s making waves for simplifying app development with advanced models like Claude 3.5 Sonnet and GPT-4o. In a recent video posted on X, which h...

AI score 8.1
Exploits: 0

The Hacker News
added 2024/09/11 9:46 a.m. · 12 views

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job...

AI score 7.6
Exploits: 0

Virtuozzo
added 2024/08/08 12:0 a.m. · 10 views

Virtuozzo Hybrid Infrastructure 5.4 Update 4 Hotfix 8 (5.4.4-157)

This update provides stability and performance improvements. Vulnerability id: VSTOR-76224 A stability fix for the Backup Gateway service. Vulnerability id: VSTOR-81226 Improved the size calculation of erasure coding files. Vulnerability id: VSTOR-88511 Decreased the memory consumption by...

AI score 7.1
Exploits: 0