Aggregator

Paragon Softwareが提供するParagon Partition Managerには、複数の脆弱性が存在します。

A vulnerability was found in Linux Kernel 2.6.32.51 and classified as problematic. Affected by this issue is the function sysrq_sysctl_handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2011-4080. An attack has to be approached locally. There is no exploit available.

A vulnerability classified as critical has been found in Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04. This affects an unknown part of the file /webtools/control/xmlrpc of the component XML-RPC Event Handler. The manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2011-3600. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in DHCPv6 Client up to 2011-07-25 and classified as critical. This issue affects some unknown processing of the component DHCP Message Handler. The manipulation leads to injection. The identification of this vulnerability is CVE-2011-2717. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in GNU C Library up to 2.14 and classified as problematic. This vulnerability affects unknown code. The manipulation with the input 0 as part of String leads to memory corruption. This vulnerability was named CVE-2011-5320. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GNOME GLib up to 2.26.0. It has been rated as problematic. Affected by this issue is the function hash. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2012-0039. The attack may be launched remotely. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability was found in Inria OCaml up to 3.12.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper input validation. This vulnerability is known as CVE-2012-0839. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in tar up to 1.22.0 v4 on BusyBox. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2011-5325. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in unixODBC 2.0.10/2.3.0/2.3.1 and classified as problematic. This vulnerability affects the function SQLDriverConnect. The manipulation leads to memory corruption. This vulnerability was named CVE-2012-2657. The attack needs to be approached locally. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability was found in Oracle JDK 1.6.0/1.7.0/1.8.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2012-2739. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apache Xerces-C++. This issue affects some unknown processing of the component XML Service. The manipulation leads to improper resource management. The identification of this vulnerability is CVE-2012-0880. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Pidgin 2.10.0 and classified as problematic. This vulnerability affects unknown code of the component dbus. The manipulation leads to cleartext transmission of sensitive information. This vulnerability was named CVE-2012-1257. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in PyXML. This issue affects some unknown processing of the component Hash Table Handler. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2012-0877. The attack may be initiated remotely. There is no exploit available.

译者：知道创宇404实验室翻译组 原文链接：https://github.com/protectai/modelscan/blob/main/docs/model_serialization_attacks.md 机器学习（ML）模型是基于机器学习的应用程序的核心资产。安全地存储和检索模型对成功至关重要。根据使用的机器学习库，模型可以以多种常见格式保存。流行的选择包括：Pickle、HDF5...

US CISA confirms no change in defense against Russian cyber threats despite the Trump administration’s pause on offensive operations. US CISA stated there is no change in defending against Russian cyber threats, despite the Trump administration’s temporary pause on offensive cyber operations. US Defense Secretary Pete Hegseth has recently ordered US Cyber Command to pause […]

ИИ-ассистент отправляет бумажную работу в прошлое.

Cybercriminals Use Artificial Intelligence and Physical Threats to Maximize Impact
One-dimensional data encryption threats have morphed into more dangerous, multi-layered ransomware attacks that are expanding in scope and impact, creating an urgent need for organizations to fortify their defenses.

Focus on Cyber Hygiene, Advanced Tools and Rapid Response to Outsmart Attackers
Modern cyberthreats require modern defense tactics. Ransomware now employs multilayered extortion tactics that target operations and reputations. With 68% of breaches involving human error, CISOs and leaders must focus on cyber hygiene, advanced security tools and rapid response strategies.

The adoption of privacy enhancing technologies, including fully homomorphic encryption, can help secure data as it is collected, integrated and shared for detecting and responding to public health emergencies such as bird flu, said Kurt Rohloff, co-founder and CTO of Duality Technologies.