Locating malicious drone operators through deep neural networks
By Zara Khan. Researchers at Ben Gurion University have developed a technique... This is a post from HackRead.com.
Ntop nDPI Buffer Overflow Vulnerability (CNVD-2020-36703)
Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. A buffer overflow vulnerability exists in the ndpi_search_oracle file in lib/protocols/oracle.c in Ntop nDPI 3.2 and earlier versions. The vulnerability stems from a network system or product performing operations in...
Ntop nDPI Buffer Overflow Vulnerability (CNVD-2020-36700)
Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. A buffer overflow vulnerability exists in the ndpi_search_openvpn file in lib/protocols/openvpn.c in Ntop nDPI 3.2 and earlier versions. The vulnerability stems from a network system or product performing operations in...
Ntop nDPI Resource Management Error Vulnerability
Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. A resource management error vulnerability exists in ndpi_reset_packet_line_info in the lib/ndpi_main.c file in Ntop nDPI 3.2 and earlier versions. The vulnerability stems from mismanagement of system resources, e.g., memory...
DEBIAN-CVE-2020-15475
In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free...
DEBIAN-CVE-2020-15471
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c...
AZL-44481 CVE-2020-15305 affecting package OpenEXR 2.3.0-6
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile in IlmImf/ImfDeepScanLineInputFile.cpp...
PT-2020-6206 · Ilmbase +4 · Openexr +4
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 2.5.2 Description: An issue in OpenEXR is related to the use of memory after it has been freed, specifically in the DeepScanLineInputFile::DeepScanLineInputFile function. This can be caused by invalid input and may...
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Treck IP stacks contain multiple vulnerabilities
Overview: Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. Description: Treck IP network stack software is designed for and used in a variety of embedded systems. T...
CVE-2020-0219
In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122836081...
Friday Squid Blogging: Shark vs. Squid
National Geographic has a photo of a 7-foot long shark that fought a giant squid and lived to tell the tale. Or, at least, lived to show off the suction marks on his skin. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blo...
Recox - Master Script For Web Reconnaissance
The script aims to help in classifying vulnerabilities in web applications. The methodology RecoX is arising can spot weaknesses other than OWASP top ten. The script presents information against the target system. It gathers the information recursively over each subdomain, and IP addr for a...
keycloak: missing input validation in IDP authorization URLs
A flaw was found in Keycloak, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious user to craft deep links that introduce further attack scenarios on affected clients...
Friday Squid Blogging: Humboldt Squid Communication
Humboldt Squid communicate by changing their skin patterns and glowing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Updated nodejs-set-value packages fix security vulnerability
Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in Node.js set-value, where set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...
Node.js third-party modules: [plain-object-merge] Prototype pollution
I would like to report a prototype pollution vulnerability in plain-object-merge module. It allows an attacker to inject properties on Object.prototype. Module: module name: plain-object-merge, version: 1.0.1, npm page: https://www.npmjs.com/package/plain-object-merge. Module Description: Extremely fa...
Microsoft researchers work with Intel Labs to explore new deep learning approaches for malware classification
The opportunities for innovative approaches to threat detection through deep learning, a category of algorithms within the larger framework of machine learning, are vast. Microsoft Threat Protection today uses multiple deep learning-based classifiers that detect advanced threats, for example,...
Friday Squid Blogging: Humboldt Squid Backlight Themselves to Communicate More Clearly
This is neat: Deep in the Pacific Ocean, six-foot-long Humboldt squid are known for being aggressive, cannibalistic and, according to new research, good communicators. Known as "red devils," the squid can rapidly change the color of their skin, making different patterns to communicate, something...
Industrial Light and Magic OpenEXR Input Validation Error Vulnerability
Industrial Light and Magic LIM OpenEXR is an image file format from Industrial Light and Magic LIM, USA, for high dynamic range HDR images. An input validation error vulnerability exists in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock in versions of LIM OpenE...