15 matches found
Adobe DNG File Security Scanner
This program is a defensive security tool designed to analyze DNG (Digital Negative) image files and detect potential signs of malicious manipulation or exploit attempts. It performs a low-level inspection of the file structure by parsing the TIFF header and scanning raw binary content for suspicio...
EUVD-2021-29658
Malicious code in bioql PyPI...
Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities
By Waqas. NIST Unveils Insights on AI Vulnerabilities and Potential Threats. This is a post from HackRead.com. Read the original post: Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities...
Malicious user can drastically boost their voting power by increase a dust amount in lock
Lines of code Vulnerability details Impact A user's weight on a gauge weight voting by design decays with time. However, a user can simply bypass the decay by increasing a dust amount in their lock in VotingEscrow.sol. I think this is high severity due to easy and cheap manipulation. Proof of...
The USDOLeverageModule contract's leverageUp function allows for dangerous call delegation
Lines of code Vulnerability details Impact The USDOLeverageModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for leverage actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's executeModule...
Malicious claimer could arbitrage the prize-claiming functionality
Lines of code Vulnerability details Impact The feePerClaim is a user controlled parameter which tops at tierLiquidity.prizeSize for a given tier see here for that. That means the CLAIMER can set arbitrary fees for a given call to claimPrize to increase maliciously the collected fees with //...
_movingAverage may drift
Lines of code Vulnerability details Impact The moving average is critical for the RBS-system. Its current calculation allows for compounding drift, randomly as well as maliciously, detaching from the true value, which invalidates the entire system, including affecting the way funds are handled...
CVE-2021-42698
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory...
Design/Logic Flaw
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory...
CVE-2021-42698 AzeoTech DAQFactory
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory...
Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities
Today, we're announcing a coordinated vulnerability disclosure publication with our longtime mobile hacker friend, Rafay Baloch. If you'd like to just jump straight to the technical details for these vulnerabilities, I invite you to read his paper here. If you want to know more about why this...
ASUS Patches Live Update Bug That Allowed APT to Infect Thousands of PCs
ASUS has expedited a patch for a major bug impacting thousands of PCs that allowed an advanced persistent threat group to launch a supply-chain attack dubbed “Operation ShadowHammer.” The vulnerability targeted a range of new ASUS PCs with a backdoor injection technique tied to the PC-maker’s...
Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable
A serious flaw in the wireless protocol that secures all modern protected Wi-Fi networks has been discovered. How serious? If your device supports Wi-Fi, it is most likely affected. This feasible attack, dubbed KRACK, could abuse design or implementation flaws in the Wi-Fi standard, not some...
Strategic Principles for Securing the IoT
DHS has released a set of Strategic Principles for Securing the Internet of Things (IoT) to help inform consumers, operators and manufacturers in their decision-making regarding networked and networkable devices. While the IoT can provide efficiency, convenience, and interactivity features that are...
Concurrency-related vulnerabilities in browsers - expect problems
Good morning, "Fame-hungry sociopath torches cars, finds browser flaws WARSAW, Poland AP -- police are on a look out for a local adolescent vandal who continues to terrorize local IT workers in what appears to be a bizarre bid for fame. Larry Seltzer reports from the scene." Well, I just had to d...