11 matches found
mistune: catastrophic backtracking
A regular expression denial of service (ReDoS) flaw was found in the asterisk emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...
[SECURITY] Fedora 43 Update: libsodium-1.0.21-2.fc43
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of t...
TED-LaST: Towards Robust Backdoor Defense against Adaptive Attacks
Deep Neural Networks (DNNs) are vulnerable to backdoor attacks, where attackers implant hidden triggers during training to maliciously control model behavior. Topological Evolution Dynamics (TED) has recently emerged as a powerful tool for detecting backdoor attacks in DNNs. However, TED can be...
We Asked ChatGPT for 2024 Cybersecurity Predictions but You Should Make These Resolutions Instead
By Caitlin Condon, Senior Manager, Vulnerability Research at Rapid7, and Christiaan Beek, Senior Director, Threat Analytics at Rapid7. It’s that time of year again — time for the annual tradition of cybersecurity predictions. Here at Rapid7 we’ve seen a whole lot of threats and exploited...
CVE-2023-49803 @koa/cors has overly permissive origin policy
@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...
[SECURITY] Fedora 35 Update: python-markdown2-2.4.2-1.fc35
Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...
[SECURITY] Fedora 34 Update: python-markdown2-2.4.0-1.fc34
Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...
[SECURITY] Fedora 30 Update: bijiben-3.32.1-2.fc30
Simple note editor with an emphasis on visuals: quickly write notes, quickly find them again...
Bountycraft at Nullcon 2017
Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the...
OECD said Cyber attacks could create 'perfect storm' !!
Attacks on computer systems now have the potential to cause global catastrophe, but only in combination with another disaster, the Organisation for Economic Cooperation and Development (OECD) said in a report on Monday. The study, part of a wider OECD project examining possible "Future Global Shock...
NSA: Our Development Methods Are in the Open Now
WASHINGTON–Despite its reputation for secrecy and technical expertise, the National Security Agency doesn’t have a set of secret coding practices or testing methods that magically make their applications and systems bulletproof. In fact, one of the agency’s top technical experts said that virtual...