PayTR Ödeme Ve Elektronik Para Kuruluşu A.Ş. Security Vulnerabilities

osv

TensorFlow has Floating Point Exception in AudioSpectrogram

Impact version:2.11.0 //core/ops/audio_ops.cc:70 Status SpectrogramShapeFn(InferenceContext* c) { ShapeHandle input; TF_RETURN_IF_ERROR(c->WithRank(c->input(0), 2, &input)); int32_t window_size; TF_RETURN_IF_ERROR(c->GetAttr("window_size", &window_size)); int32_t stride;...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2023-03-24 09:57 PM
8
ubuntu

LibreOffice vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libreoffice - Office productivity suite Details USN-6546-1 fixed vulnerabilities in LibreOffice. This update provides the corresponding updates for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details: Reginaldo Silva discovered...

8.8 CVSS

9.3 AI Score

0.001 EPSS

2023-12-14 12:00 AM
63
osv

TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad

Impact Out of bounds read in GRUBlockCellGrad ```python func = tf.raw_ops.GRUBlockCellGrad para = {'x': [[21.1, 156.2], [83.3, 115.4]], 'h_prev': array([[136.5], [136.6]]), 'w_ru': array([[26.7, 0.8], [47.9, 26.1], [26.2, 26.3]]), 'w_c': array([[ 0.4], [31.5], [...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-03-24 09:53 PM
7
wallarmlab

How to Protect Your Privacy Online

Decoding the Complexities of Digital Personhood and Its Private Aspects: Elemental Groundwork As we stride through this tech-propelled age, concerns related to internet-bound privacy have risen as pressing hurdles for all cyber inhabitants around the planet. Considering the ever-broadening...

7.4 AI Score

2024-01-05 11:45 AM
13
malwarebytes

The top 4 ransomware gang failures of 2023

Ransomware gangs care about one thing: Stealing money. Over time, their craven, cybercriminal efforts have toppled businesses, destabilized hospitals, and ruined lives. Worst of all, they show no sign of slowing down, and their extortion attempts—which no longer focus on ransomware delivery...

7.9 AI Score

2023-12-29 09:00 AM
20
ubuntu

LibreOffice vulnerabilities

Releases Ubuntu 23.10 Ubuntu 23.04 Packages libreoffice - Office productivity suite Details Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker...

8.8 CVSS

9.2 AI Score

0.001 EPSS

2023-12-11 12:00 AM
18
nessus

Ubuntu 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-6546-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6546-2 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute...

8.8 CVSS

9.3 AI Score

0.001 EPSS

2023-12-15 12:00 AM
15
nessus

Amazon Linux 2 : glibc (ALAS-2023-2371)

The version of glibc installed on the remote host is prior to 2.26-57. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2371 advisory. The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the...

9.8 CVSS

9.3 AI Score

0.017 EPSS

2023-12-04 12:00 AM
10
osv

CVE-2021-37625

Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user,....

7.5 CVSS

6.9 AI Score

0.001 EPSS

2021-08-05 06:15 PM
1
osv

CVE-2021-32814

Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1....

8.1 CVSS

6.9 AI Score

0.001 EPSS

2021-08-03 05:15 PM
3
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libreoffice (SUSE-SU-2023:4496-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4496-1 advisory. A flaw was found in the Libreoffice package. An attacker can craft an odb containing a...

5.5 CVSS

5.5 AI Score

0.0005 EPSS

2023-11-22 12:00 AM
4
nessus

Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2023-001)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by a vulnerability as referenced in the ALAS2LIBREOFFICE-2023-001 advisory. A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script file...

5.5 CVSS

5.6 AI Score

0.0005 EPSS

2023-09-27 12:00 AM
5
nessus

Debian DLA-3526-1 : libreoffice - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3526 advisory. Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the...

9.1 CVSS

7.2 AI Score

0.001 EPSS

2023-08-14 12:00 AM
9
nessus

Ubuntu 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-6144-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6144-1 advisory. Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker...

7.8 CVSS

7 AI Score

0.001 EPSS

2023-06-07 12:00 AM
8
talosblog

A personal Year in Review to round out 2023

As you've probably seen by now, Talos released our 2023 Year in Review report last week. It's an extremely comprehensive look at the top threats, attacker trends and malware families from the past year with never-before-seen Cisco Talos telemetry. We have podcasts, long-form videos and even Reddit....

8.6 CVSS

8.4 AI Score

0.952 EPSS

2023-12-14 07:00 PM
13
nessus

Debian DSA-5415-1 : libreoffice - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5415 advisory. Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a...

7 AI Score

0.001 EPSS

2023-05-28 12:00 AM
6
nessus

Oracle Linux 8 : libreoffice (ELSA-2023-6933)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6933 advisory. Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause...

7.8 CVSS

7.2 AI Score

0.001 EPSS

2023-11-21 12:00 AM
6
nessus

Oracle Linux 9 : libreoffice (ELSA-2023-6508)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6508 advisory. A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script file with a SCRIPT command where the...

7.8 CVSS

7.2 AI Score

0.001 EPSS

2023-11-16 12:00 AM
6
nessus

CentOS 8 : libreoffice (CESA-2023:6933)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:6933 advisory. Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code...

7.8 CVSS

7.3 AI Score

0.001 EPSS

2023-11-14 12:00 AM
5
impervablog

CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS

TL;DR This blog unveils a remote code execution vulnerability, identified as CVE-2023-22524, in Atlassian Companion for macOS, which has recently been patched. This critical vulnerability stemmed from an ability to bypass both the app's blocklist and macOS Gatekeeper, potentially allowing the...

9.6 CVSS

7.9 AI Score

0.002 EPSS

2023-12-14 04:20 PM
11
debian

[SECURITY] [DSA 5574-1] libreoffice security update

Debian Security Advisory DSA-5574-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 11, 2023 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2023-6185 CVE-2023-6186...

8.8 CVSS

7.3 AI Score

0.001 EPSS

2023-12-11 06:35 PM
13
f5

K53252134 : Intel BIOS vulnerability CVE-2021-0155

Security Advisory Description Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2021-0155) Impact A local attacker logged-in as a privileged user can exploit the vulnerability to.....

5.5 CVSS

5.3 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
45
f5

K04303225 : Intel BIOS vulnerability CVE-2021-0190

Security Advisory Description Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2021-0190) Impact A local attacker logged in as a privileged user can exploit the vulnerability to...

7.8 CVSS

7.5 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
38
f5

K16162257 : Intel BIOS vulnerability CVE-2021-0154

Security Advisory Description Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2021-0154) Impact A local attacker logged in as a privileged user can exploit the...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
41
wallarmlab

How to Build a Cybersecurity Culture in Your Company

Decoding the Essential Components of Cyber Safeguard Culture In today's era, marked by copious dependencies on digital technologies, strengthening defenses against digital security vulnerabilities has become more than just a choice, it's a critical necessity. Establishing a culture of cyber...

7.5 AI Score

2023-12-27 12:18 PM
22
nessus

EulerOS Virtualization for ARM 64 3.0.6.0 : glibc (EulerOS-SA-2021-2000)

According to the version of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input ...

7.5 CVSS

8.7 AI Score

0.013 EPSS

2021-06-30 12:00 AM
16
f5

K14454359 : Intel BIOS vulnerability CVE-2021-0153

Security Advisory Description Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2021-0153) Impact A local attacker logged in as a privileged user can exploit this vulnerability to...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
23
f5

K43541501 : Intel CPU vulnerabilities CVE-2022-21131 and CVE-2022-21136

Security Advisory Description CVE-2022-21131 Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21136 Improper input validation for some Intel(R) Xeon(R) Processors may allow a...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2022-05-31 12:00 AM
31
f5

K87351324 : Intel BIOS vulnerability CVE-2021-33124

Security Advisory Description Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2021-33124) Impact A local attacker logged in as a privileged user can exploit the...

6.7 CVSS

6.7 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
39
f5

K55051330 : Intel BIOS vulnerability CVE-2021-33123

Security Advisory Description Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2021-33123) Impact A local attacker logged in as a privileged user can exploit...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
30
talosblog

Recommendations that defenders can use from Talos’ Year in Review Report

The Talos Year in Review is available now and contains a wealth of insights about how the threat landscape has shifted in 2023. With new ransomware strains emerging from leaked source code, commodity loaders adding more reconnaissance measures to their belts, and geopolitical events influencing...

7.4 AI Score

2023-12-14 12:21 PM
3
wordfence

Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration

Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...

7.4 AI Score

2023-12-14 09:44 PM
6
malwarebytes

ALPHV ransomware gang returns, sorta

The ALPHV ransomware gang, arguably the second most dangerous "big game" ransomware operator, appears to be back in business after its infrastructure went down for five days. But all does not appear to be going well for the group. ALPHV's dark web leak site may be back but it is only showing a single.....

7.4 AI Score

2023-12-14 07:49 PM
7
nessus

Amazon Linux 2 : glibc (ALAS-2021-1656)

The version of glibc installed on the remote host is prior to 2.26-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1656 advisory. In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer...

9.8 CVSS

8.4 AI Score

0.007 EPSS

2021-06-23 12:00 AM
99
openbugbounty

cremas-para-la-piel.es Cross Site Scripting vulnerability OBB-3611268

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-08-22 09:52 PM
9
talosblog

The malware, attacker trends and more that shaped the threat landscape in 2023

The 2023 Cisco Talos Year in Review is now available to download. Once again, the Talos team has meticulously combed through a massive amount of data to analyze the major trends that have shaped the threat landscape in 2023. Global conflict influenced a lot of these trends, altering the tactics...

7 AI Score

2023-12-05 11:25 PM
4
schneier

A Robot the Size of the World

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and then....

7.1 AI Score

2023-12-15 12:01 PM
4
thn

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path...

10 CVSS

9.8 AI Score

0.975 EPSS

2023-12-12 05:23 AM
73
malwarebytes

Ransomware review: December 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7.5 CVSS

8.6 AI Score

0.971 EPSS

2023-12-13 07:22 PM
21
nessus

EulerOS 2.0 SP8 : glibc (EulerOS-SA-2021-2295)

According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread...

9.8 CVSS

8.9 AI Score

0.014 EPSS

2021-08-09 12:00 AM
17
kitploit

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features Wordlist-based password cracking Brute force password cracking Support for multiple hash...

7.6 AI Score

2023-12-06 11:30 AM
11
schneier

Breaking Laptop Fingerprint Sensors

They're not that good: Security researchers Jesse D'Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the...

7.3 AI Score

2023-11-29 12:09 PM
3
githubexploit

Exploit for CVE-2023-38831

CVE-2023-38831 In this case, I am sharing the files with you...

7.8 CVSS

8.2 AI Score

0.346 EPSS

2023-08-30 03:49 PM
135
malwarebytes

Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24

This week on the Lock and Code podcast… Like the grade-school dweeb who reminds their teacher to assign tonight's homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, little...

7.2 AI Score

2023-12-04 05:24 PM
8
osv

Business Logic Errors in Para

Para prior to version 1.46.0 is vulnerable to business logic errors. A user can create more than one app, even after they reach the app...

5.3 CVSS

3.2 AI Score

0.001 EPSS

2022-05-25 12:00 AM
7
malwarebytes

Roblox and Twitch provider Tipalti breached by ransomware [updated]

As a response to this post, Tipalti reached out to us and asked us to post the following statement: Tipalti takes the security of our systems and data very seriously and has strong security protocols and tools in place. The Tipalti cybersecurity team and third-party forensic experts have been...

7.2 AI Score

2023-12-05 12:59 PM
5
githubexploit

9.8 AI Score

2022-07-05 08:27 AM
280
osv

Malicious code in ve-loaer (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (f591aa173fa95037c0279b301e3fe1d86b8db7b3165221944fb20fd10021e7ad) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2022-08-19 03:55 AM
4
almalinux

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.8 CVSS

7 AI Score

0.001 EPSS

2023-11-14 12:00 AM
13
osv

Malicious code in @ve-private/test-helpers (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (e73ba0906187090a33e73c6a146b31a05e8782ec0d8c29320a769b85da801781) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2022-06-20 08:13 PM
1

Total number of security vulnerabilities: 11500