4 matches found
Intel Neural Compressor <2.5.0 - SQL Injection
Improper input validation in some IntelR Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. id: CVE-2024-22476 info: name: Intel Neural Compressor 2.5.0 - SQL Injection author: ritikchaddha severity:...
Software defense: mitigating common exploitation techniques
In our previous posts in this series, we described various mitigation improvements that attempt to prevent the exploitation of specific classes of memory safety vulnerabilities such as those that involve stack corruption, heap corruption, and unsafe list management and reference count...
Software Defense: mitigating stack corruption vulnerabilties
Introduction One of the oldest forms of memory safety exploitation is that of stack corruption vulnerabilities, with several early high-profile exploits being of this type. It seems fitting therefore to kick off this Software Defense series by looking at the status of software defense today with...
Software Defense Series: Exploit mitigation and vulnerability detection
Software Defense is a broad topic requiring a multipronged approach including: - the processes and tooling associated with secure development that we try and encapsulate within the Microsoft SDL, - core OS countermeasures that make exploitation of a given vulnerability more difficult for an...