Aggregator

CVE-2012-0708 | IBM Rational ClearQuest up to 8.0.0.0 ActiveX Control cqole.dll memory corruption (EDB-19576 / Nessus ID 59293)

Vuldb Updates
3 months 2 weeks ago
A vulnerability described as critical has been identified in IBM Rational ClearQuest up to 8.0.0.0. Affected by this vulnerability is an unknown functionality in the library cqole.dll of the component ActiveX Control. Such manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2012-0708. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.
vuldb.com

CVE-2012-5946 | IBM SPSS SamplePower 3.0 ActiveX Control C1sizer.ocx memory corruption (EDB-25814 / Nessus ID 66473)

Vuldb Updates
3 months 2 weeks ago
A vulnerability marked as critical has been reported in IBM SPSS SamplePower 3.0. Impacted is an unknown function of the file C1sizer.ocx of the component ActiveX Control. Performing manipulation results in memory corruption. This vulnerability is reported as CVE-2012-5946. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.
vuldb.com

CVE-2012-0201 | IBM Personal Communications prior 6.0.3.0 pcsws.exe memory corruption (EDB-18539 / XFDB-73127)

Vuldb Updates
3 months 2 weeks ago
A vulnerability identified as critical has been detected in IBM Personal Communications. This vulnerability affects unknown code in the library pcspref.dll of the file pcsws.exe. This manipulation causes memory corruption. The identification of this vulnerability is CVE-2012-0201. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. You should upgrade the affected component.
vuldb.com

CVE-2012-2176 | IBM Lotus Quickr up to 8.1 ActiveX Control qp2.cab memory corruption (EDB-23737 / XFDB-75322)

Vuldb Updates
3 months 2 weeks ago
A vulnerability classified as critical has been found in IBM Lotus Quickr up to 8.1. This affects an unknown part of the file qp2.cab of the component ActiveX Control. Performing manipulation results in memory corruption. This vulnerability was named CVE-2012-2176. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2012-2175 | IBM Lotus iNotes 8.5 ActiveX Control dwa85W.dll memory corruption (EDB-23736 / Nessus ID 59685)

Vuldb Updates
3 months 2 weeks ago
A vulnerability categorized as critical has been discovered in IBM Lotus iNotes 8.5. The affected element is an unknown function in the library dwa85W.dll of the component ActiveX Control. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2012-2175. The attack may be launched remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2012-5100 | Luizpicanco HServer 0.1.1 path traversal (EDB-24915 / Nessus ID 10297)

Vuldb Updates
3 months 2 weeks ago
A vulnerability described as problematic has been identified in Luizpicanco HServer 0.1.1. The impacted element is an unknown function. Executing manipulation can lead to path traversal. This vulnerability is registered as CVE-2012-5100. It is possible to launch the attack remotely. Furthermore, an exploit is available. Upgrading the affected component is recommended.
vuldb.com

Play

Dark Feed IO
3 months 2 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
3 months 2 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
3 months 2 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
3 months 2 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
3 months 2 weeks ago

You must login to view this content

cohenido

Microsoft’s New AI Risk Assessment Framework – A Step Forward

Security Boulevard
3 months 2 weeks ago

 

Microsoft recently introduced a new framework designed to assess the security of AI models. It’s always encouraging to see developers weaving cybersecurity considerations into the design and deployment of emerging, disruptive technologies. Stronger security reduces the potential for harmful outcomes — and that’s a win for everyone.

It is wonderful to see that Microsoft leveraged its expertise to publish a clear framework for anyone to use.

While this framework provides a reasonable foundation for securing Large Language Model (LLM) AI deployments, it falls short when applied to more advanced AI systems — especially those with agentic capabilities. This limitation in applicability highlights a persistent problem in cybersecurity: tools and practices are often outdated or under-scaled, even before the industry has a chance to implement them.

AI is evolving at a breathtaking pace, and security adaptation consistently lags several steps behind. The release of this framework is a valuable step forward, but it’s critical to recognize that it’s just a step on a very long journey. The ongoing challenge is not to declare “mission accomplished,” but to treat security as a continuously adaptive process — always be looking to embrace the next best practices.

Risk governance for AI requires ongoing investment, flexibility, and willingness to evolve. Even then, the best we may achieve is keeping pace with evolving risks, maintaining as few steps behind as possible.

Paper Download: https://github.com/Azure/AI-Security-Risk-Assessment/blob/main/AI_Risk_Assessment_v4.1.4.pdf

The post Microsoft’s New AI Risk Assessment Framework – A Step Forward appeared first on Security Boulevard.

Matthew Rosenquist

CVE-2002-2362 | SourceForge Mymarket 1.71 form_header.php noticemsg cross site scripting (EDB-21961 / ID 10844)

Vuldb Updates
3 months 2 weeks ago
A vulnerability marked as problematic has been reported in SourceForge Mymarket 1.71. Impacted is an unknown function of the file form_header.php. The manipulation of the argument noticemsg leads to cross site scripting. This vulnerability is listed as CVE-2002-2362. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

Managed ad