2428 matches found
Adversarial Robustness Toolbox: ART
The Adversarial Robustness Toolbox (ART), an open source software library, supports both researchers and developers in defending deep neural networks against adversarial attacks, making AI systems more secure. Its purpose is to allow rapid crafting and analysis of attack and defense methods for...
Fedora Update for nodejs-deep-extend FEDORA-2018-636f73964f
The remote host is missing an update for the...
[SECURITY] Fedora 28 Update: nodejs-deep-extend-0.5.1-1.fc28
Recursive object extending...
FortiOS SSL Deep-Inspection Proxy Mode badssl.com Compliance
US-Cert published a document at which outlines some security flaws that may be introduced by the use of SSL Deep-Inspection...
CVE-2018-3750
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Trend Micro Deep Discovery Director Has Multiple Vulnerabilities
Trend Micro Deep Discovery Director is used to detect, analyze and respond to targeted attacks in real time. Trend Micro Deep Discovery Director has multiple vulnerabilities that can be exploited by attackers to access sensitive information, perform unauthorized actions around security...
Prototype Pollution
Overview: Versions of deep-extend before 0.5.1 are vulnerable to prototype pollution. Recommendation: Update to version 0.5.1 or later. References: HackerOne Report, GitHub Advisory...
Prototype Pollution
Overview: Versions of default-deep before 0.2.4 are vulnerable to prototype pollution. Recommendation: Update to version 0.2.4 or later. References: HackerOne Report, GitHub Advisory...
Prototype Pollution
Overview: Versions of merge-deep before 3.0.1 are vulnerable to prototype pollution via merging functions. Recommendation: Update to version 3.0.1 or later. References: HackerOne Report, GitHub Advisory...
Prototype Pollution
Overview: Versions of mixin-deep before 1.3.1 are vulnerable to prototype pollution via merging functions. Recommendation: Update to version 1.3.1 or later. References: HackerOne Report, GitHub Advisory...
CVE-2018-10191
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...
Prototype Pollution
deep-extend is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects...
Microsoft Edge Chakra JIT Incomplete Fix For Issue 1420
Microsoft Edge: Chakra: JIT: The fix for issue 1420 is incomplete. CVE-2018-0933 Here's a snippet of JavascriptArray::BoxStackInstance. To fix issue 1420, "deepCopy" was introduced. It only deep-copies the array when "instance->head" is on the stack. So simply by adding a single line of code that...
Null pointer dereference
The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to...
CVE-2018-9165
The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to...
Machine Learning Penetration Testing: GyoiThon
GyoiThon is a growing penetration test tool using Deep Learning. Deep Learning improves classification accuracy in proportion to the amount of learning data. Therefore, GyoiThon will be taking in new learning data during every scan. Since GyoiThon uses various features of software included in HTT...
ISPs Caught Injecting Cryptocurrency Miners and Spyware In Some Countries
Governments in Turkey and Syria have been caught hijacking local internet users' connections to secretly inject surveillance malware, while the same mass interception technology has been found secretly injecting browser-based cryptocurrency mining scripts into users' web traffic in Egypt...
Prototype Pollution
defaults-deep is vulnerable to prototype pollution attacks. Attackers can add or modify existing properties relating to an Object by using the utilities function to change the prototype of said Object. Using this flaw, attackers can trigger denial of service (DoS) attacks and in some situations...