SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M"...

Friday Squid Blogging: Newly Identified Ichthyosaur Species Probably Ate Squid

This is a deep-diving species that "fed on small prey items such as squid." Academic paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26267 via tensorflow-gpu (>=2.3.0 <=2.3.1)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26267 Source advisory: OSV:PYSEC-2020-333...

deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26268 via tensorflow-gpu (>=2.3.0 <=2.3.1)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26268 Source advisory: OSV:PYSEC-2020-334...

deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26266 via tensorflow-gpu (>=2.3.0 <=2.3.1)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-332...

deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26270 via tensorflow-gpu (>=2.3.0 <=2.3.1)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26270 Source advisory: OSV:PYSEC-2020-336...

deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26271 via tensorflow-gpu (>=2.3.0 <=2.3.1)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26271 Source advisory: OSV:PYSEC-2020-337...

deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26271 via tensorflow-gpu (>=2.3.0 <=2.3.1)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26271 Source advisory: OSV:GHSA-Q263-FVXM-M5MW...

deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26270 via tensorflow-gpu (>=2.3.0 <=2.3.1)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26270 Source advisory: OSV:GHSA-M648-33QF-V3GP...

deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26268 via tensorflow-gpu (>=2.3.0 <=2.3.1)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26268 Source advisory: OSV:GHSA-HHVC-G5HV-48C6...

deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26266 via tensorflow-gpu (>=2.3.0 <=2.3.1)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26266 Source advisory: OSV:GHSA-QHXX-J73R-QPM2...

Friday Squid Blogging: Bigfin Squid Found in Australian Waters

A bigfin squid has been found -- and filmed -- in Australian waters for the first time. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

Friday Squid Blogging: Ram’s Horn Squid Video

This is the first video footage of a rams horn squid Spirula spirula . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

File Upload Vulnerability in Baidu Deep Blue Alliance Personnel Management System

Baidu Deep Blue Alliance personnel management system is an OA system project. A file upload vulnerability exists in the Baidu Deep Blue Alliance Personnel Management System, which can be exploited by an attacker to gain control of the server...

Lightbend Play Framework Denial of Service Vulnerability

Lightbend Play Framework is the United States Lightbend company a use of Scala language written in the Web application framework. A denial of service vulnerability exists in PlayJava in Play Framework versions 2.6.0 through 2.8.2. The vulnerability can be exploited by an attacker to cause a...

Deep Instinct Windows Agent 1.2.24.0 - (DeepNetworkService) Unquoted Service Path Vulnerability

Exploit Title: Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path Discovery by: Paulina Girón Vendor Homepage: https://www.deepinstinct.com/ Software Links :...

Deep Instinct Windows Agent 1.2.24.0 - &#039;DeepNetworkService&#039; Unquoted Service Path

Exploit Title: Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path Discovery by: Paulina Girón Discovery Date: 2020-11-07 Vendor Homepage: https://www.deepinstinct.com/ Software Links :...

Deep Instinct Windows Agent 1.2.24.0 Unquoted Service Path

Exploit Title: Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path Discovery by: Paulina Girón Discovery Date: 2020-11-07 Vendor Homepage: https://www.deepinstinct.com/ Software Links :...

CVE-2020-27196

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...

PT-2020-5887 · Openexr +5 · Openexr +5

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta Description: The issue is related to a flaw in OpenEXR's deep tile sample size calculations, which can lead to an integer overflow and subsequently an out-of-bounds read when a crafted file is processed...