926 matches found
AZL-44076 CVE-2018-16435 affecting package openjpeg2 2.3.1-12
Little CMS aka Little Color Management System 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile...
[SECURITY] Fedora 27 Update: redis-4.0.10-1.fc27
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
TensorFlow Dataset API for increasing training speed of neural networks
by M. Salnikov, Wallarm Research. Wallarm AI engine is the heart of our security solution. Two key parameters of our AI engine efficiency are how fast neural networks can be trained to reflect the updated training sets and how much compute power needs to be dedicated to the training on the on-going...
CVE-2014-4991
(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process...
Command injection
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the...
CVE-2014-4991
CVE-2014-4991 affects the Ruby gem codders-dataset (version 1.3.2.1). The vulnerability is in two files, lib/dataset/database/mysql.rb and lib/dataset/database/postgresql.rb, where credentials are placed on the mysqldump command line. This allows a local user to obtain sensitive information by li...
Foxit Reader dataset element remote code execution vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A remote code execution vulnerability exists in the dataset element of the XFA in Foxit Reader version 8.3.2.25013, which originates from the program failing to adequately validate the existence of an object before...
Machine Learning Image Steganalysis: Aletheia
Aletheia is a steganalysis tool for the detection of hidden messages in images. The goal of steganalysis is to identify suspected packages, determine whether or not they have a payload encoded into them, and, if possible, recover that payload. Unlike cryptanalysis, steganalysis generally starts...
[SECURITY] Fedora 25 Update: python-tablib-0.11.5-1.fc25
Tablib is a format-agnostic tabular dataset library, written in Python. Output formats supported: - Excel Sets + Books - JSON Sets + Books - YAML Sets + Books - HTML Sets - TSV Sets - CSV Sets...
vision.stanford.edu XSS vulnerability
Vulnerable URL: http://vision.stanford.edu/projects/sceneclassification/disclaimer.php?dataset=UprightInvertedSet'%22%26%25prompt/OPENBUGBOUNTY/...
Data Warehouse Permission issues
Cause MP Version 8 uses dataset rules to collect host security profiles and snapshots. When a collector is installed on an agent, there is no issue. The data is forwarded to Management Server and written to DW under the DW account. When a collector runs on a Management Server which is our use cas...
Security and Privacy Assurance Research: SPARTA Framework
Security and Privacy Assurance Research. Developed as a part of MIT Lincoln Laboratory’s test and evaluation role in the SPAR (Security and Privacy Assurance Research) program, SPARTA (SPAR Testing and Assessment) framework is a set of software applications used to evaluate the functionality and...
[SECURITY] Fedora 24 Update: redis-3.2.8-1.fc24
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Open Source Malware Clusterization Toolkit: Cosa Nostra
Open Source Malware Clusterization Toolkit Cosa Nostra is an open source software clustering toolkit with a focus on malware analysis. It can create phylogenetic trees of binary malware samples that are structurally similar. It was initially released during SyScan360 Shanghai 2016. Required 3rd...
SAP NetWeaver AS ABAP 7.4 Directory Traversal
Application: SAP NetWeaver AS ABAP; Versions Affected: SAP NetWeaver AS ABAP 7.4; Vendor URL: http://SAP.com; Bugs: Directory traversal; Sent: 22.04.2016; Reported: 23.04.2016; Vendor response: 23.04.2016; Date of Public Advisory: 09.08.2016; Reference: SAP Security Note 2312966; Author: Daria Prosochkina...
CVE-2016-4331
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...
UBUNTU-CVE-2016-4331
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...
HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0179: HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability. November 17, 2016. CVE Number: CVE-2016-4333. Description: HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and...