Aggregator

本文章主要记录cyberstrikelab的lab17打靶过程

Alex Fitzsimmons, the acting director of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), said the plan is meant to supplement the recently-published national cyber strategy and will focus on how the agency will strengthen the “security resilience” of the energy sector.

基于 Vue + SpringBoot 构建的前后端分离的 Java 安全靶场，正式开源分享，内容丰富、持续更新、欢迎体验。

哪些孩子在学校更努力？他们的努力程度与其社会出身有何关系？根据发表在《American Sociological Review》上的一项研究，来自优渥家庭的学龄儿童比来自贫困环境的孩子表现出更高的认知努力，尤其是在没有奖励且仅靠内在动力的情况下。尽管如此，两组之间的差距并不大，且可以通过激励措施得到补偿：当提供小奖品（如玩具或社会认可）时，资源匮乏家庭的孩子所表现出的投入程度与家庭环境较好的同龄人非常接近。研究人员指出，与努力相关的行为受社会环境制约，因为家庭可利用资源以及儿童在日常生活中感受到的安全感起着至关重要的作用。在匮乏的环境中成长（缺乏经济手段或缺乏父母的关注时间）会使个体难以长时间集中精力完成某项任务。

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells

Теперь он милый, только вот стоит как Tesla…

A vulnerability, which was classified as critical, was found in GStreamer. The affected element is an unknown function of the component vmnc Decoder. Executing a manipulation can lead to integer overflow. This vulnerability is registered as CVE-2016-9445. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in GStreamer and classified as problematic. The impacted element is an unknown function of the component vmnc Decoder. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2016-9446. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in GStreamer 0.10.x and classified as critical. This affects an unknown function of the component NSF Decoder. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2016-9447. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in GStreamer up to 1.10.2. The impacted element is the function gst_aac_parse_sink_setcaps of the file gst/audioparsers/gstaacparse.c of the component gst-plugins-good. Such manipulation as part of Audio File leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2016-10198. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in GStreamer up to 1.10.2. This affects the function qtdemux_tag_add_str_full of the file gst/isomp4/qtdemux.c of the component Tag Value Handler. Performing a manipulation results in out-of-bounds read. This vulnerability was named CVE-2016-10199. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in GStreamer up to 1.10.2. Affected by this issue is the function gst_riff_create_audio_caps of the file gst-libs/gst/riff/riff-media.c of the component gst-plugins-base. The manipulation results in numeric error. This vulnerability was named CVE-2017-5837. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in GStreamer up to 1.10.2. This affects the function gst_date_time_new_from_iso8601_string of the file gst/gstdatetime.c. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2017-5838. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in GStreamer up to 1.10.2. This vulnerability affects the function gst_riff_create_audio_caps of the file gst-libs/gst/riff/riff-media.c of the component gst-plugins-base. Such manipulation leads to uncontrolled recursion. This vulnerability is referenced as CVE-2017-5839. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in GStreamer up to 1.10.2 and classified as critical. This issue affects the function qtdemux_parse_samples of the file gst/isomp4/qtdemux.c. Performing a manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2017-5840. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in GStreamer up to 1.10.2 and classified as critical. Impacted is the function gst_avi_demux_parse_ncdt of the file gst/avi/gstavidemux.c. Executing a manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2017-5841. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in GStreamer up to 1.10.2. It has been classified as critical. The affected element is the function html_context_handle_element of the file gst/subparse/samiparse.c of the component SMI File Handler. The manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2017-5842. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in GStreamer up to 1.10.2. It has been declared as critical. The impacted element is the function gst_mini_object_unref/gst_tag_list_unref/gst_mxf_demux_update_essence_tracks. The manipulation results in use after free. This vulnerability is cataloged as CVE-2017-5843. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in gstreamer gst-plugins-base 0.10.22 and classified as critical. The impacted element is the function gst_vorbis_tag_add_coverart. The manipulation results in numeric error. This vulnerability is reported as CVE-2009-0586. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.15.74/5.19.16/6.0.2. The impacted element is the function arch_prepare_kprobe. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2022-50635. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.