19 matches found
EUVD-2022-5032
Malicious code in bioql PyPI...
MADCAT: Combating Malware Detection under Concept Drift with Test-Time Adaptation
We present MADCAT, a self-supervised approach designed to address the concept drift problem in malware detection. MADCAT employs an encoder-decoder architecture and works by test-time training of the encoder on a small, balanced subset of the test-time data using a self-supervised objective. Duri...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from old data overwriting new data...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from marking a page as dirty even if CMPXCHG fails because old data is written back on failure, i.e. the page is...
SUSE CVE-2018-16862
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one...
GHSA-QV6F-RCV6-6Q3X Improper handling of REST API XML deserialization errors in Jenkins
Jenkins provides XML REST APIs to configure views, jobs, and other items. When deserialization fails because of invalid data, Jenkins 2.274 and earlier, LTS 2.263.1 and earlier stores invalid object references created through these endpoints in the Old Data Monitor. If an administrator discards t...
Improper handling of REST API XML deserialization errors in Jenkins
Jenkins provides XML REST APIs to configure views, jobs, and other items. When deserialization fails because of invalid data, Jenkins 2.274 and earlier, LTS 2.263.1 and earlier stores invalid object references created through these endpoints in the Old Data Monitor. If an administrator discards t...
UBUNTU-CVE-2021-43173
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...
Open-xchange OX App Suite 跨站脚本漏洞
Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to more intuitively manage email, tasks, files, and more. A cross-site scripting vulnerability exists in OX App Suite, which stems from an XSS vulnerability...
jenkins: Improper handling of REST API XML deserialization errors
A flaw was found in jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data...
Authorization Bypass
jenkins is vulnerable to authorization bypass. The vulnerability allows users permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
CVE-2021-21604
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
Design/Logic Flaw
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
CVE-2021-21604
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
CVE-2021-21604
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
PT-2021-14647 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier Description: The issue allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor, resulting in the instantiatio...
CIS Releases Newsletter on Cleaning Up Data and Devices
The Center for Internet Security CIS July Newsletter reminds users to properly dispose of old or unused data and devices. Without careful management of online accounts, cloud storage, physical storage, and electronic devices, users could inadvertently disclose sensitive information that can be...
PT-2019-16921 · Ibm · Ibm Spectrum Protect +1
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Manager Server IBM Spectrum Protect versions 7.1 through 8.1 Description: The issue allows a local user to replace existing databases by restoring old data. Recommendations: For versions 7.1 through 8.1, update to a version...
CVE-2018-16862
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one...