Ubuntu Security Notice 6693-1 - It was discovered that .NET did not properly handle certain specially crafted requests. An attacker could potentially use this issue to cause a resource leak, leading to a denial of service.
8a6cbb24e79abc77c05ef916a922d0685d249ebcb25ec7dbe3505f1a201ccbf7Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free. To mitigate their occurrence, operating systems rely on synchronization primitives such as mutexes, spinlocks, etc. In this paper, the authors present GhostRace, the first security analysis of these primitives on speculatively executed code paths. Their key finding is that all the common synchronization primitives can be microarchitecturally bypassed on speculative paths, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs).
e0d3a753ac273a430c317cd67e808c20b6cdd914b31b24e71450d5fb4ad420afIn this whitepaper, the authors introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI's ChatGPT or Google's PaLM-2. Specifically, their attack recovers the embedding projection layer (up to symmetries) of a transformer model, given typical API access. For under $20 USD, their attack extracts the entire projection matrix of OpenAI's ada and babbage language models. They thereby confirm, for the first time, that these black-box models have a hidden dimension of 1024 and 2048, respectively. They also recover the exact hidden dimension size of the gpt-3.5-turbo model, and estimate it would cost under $2,000 in queries to recover the entire projection matrix. They conclude with potential defenses and mitigations, and discuss the implications of possible future work that could extend this attack.
35bb26fb1fe58d91b595fbecc219b129076e6cc3ae746288dc27c6fa0d128e6aUbuntu Security Notice 6663-2 - USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 16.04 LTS. As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks.
fe2239ee2a0b0aa19f4cd8b777b94d2227dcfccdfab1dd784c5471b9e405daabClient Details System version 1.0 suffers from a remote SQL injection vulnerability.
64589c2ecc306d978f6791cf6a635512b98de6e52e4573c83fe9e9fe5303bbedMetaFox versions 5.1.8 and below suffer from a remote shell upload vulnerability.
e2b323542d1ae762fd44f17402386b535064f3b92a9eb3e937211dc86f883e48Ubuntu Security Notice 6692-1 - It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
581f6db3e96956bcd910506069e535dcb08e172118ad71cd397745a47802c943Cisco Firepower Management Center suffers from an authenticated remote command execution vulnerability. Many versions spanning the 7.x.x.x and 6.x.x.x branches are affected.
1b5e5708722e1634d261eff6cb37eccaf5547e6899a9a8f88ca8bf2b2955f61efabric is an open-source framework for augmenting humans using AI. This does not have an official release yet but should be interesting to our readers.
ed177190731dbec436f6f57a1c4a7462e2f9940ac6ecd35e4637d8edaa10ec06Ubuntu Security Notice 6691-1 - It was discovered that OVN incorrectly enabled OVS Bidirectional Forwarding Detection on logical ports. A remote attacker could possibly use this issue to disrupt traffic.
0aa5e2e50eaa553a1603a3606ba38da3d1d9b430fb600ab43ff1ff2957fe25b2SnipeIT version 6.2.1 suffers from a persistent cross site scripting vulnerability.
eee914b06410c5150fcb2bae44901641cb89e7a2dd28897fd46de6299c87af27MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability.
06dd3743528c052502c13e65a54289e54ef53298ff6beb4c6ee8a4810bae36dfMSMS-PHP version 1.0 suffers from a remote SQL injection vulnerability.
07a4b17a4586262f742fb0c1fbec3bfb2ad51bbc7b9e70e96de453b70e201f61Red Hat Security Advisory 2024-1305-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
4a73d11f3613adbf16a750b8641700600b445fa03c87d3c18012bb4c35e445b3Red Hat Security Advisory 2024-1304-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a memory exhaustion vulnerability.
02c5c2b353adfbc76173bc6cebf94c8c55a53d8bd272fad37b2cbd8cef599a80VMware Cloud Director version 10.5 suffers from an authentication bypass vulnerability.
aa2016d4a29081d33539e9bdd7cc84da6d05dd8194b6a641aca62c33d9daf9e5Red Hat Security Advisory 2024-1303-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a memory exhaustion vulnerability.
e51bb577fccd02b879616f81ee244fc9f4d5753e8f46568a298c4de8603d9abcRed Hat Security Advisory 2024-1278-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include out of bounds write and use-after-free vulnerabilities.
6b2284d02c2f3fc32bd487fd3f167763e2d294ff66de903a129316872db1929bKaraf version 4.4.3 suffers from a remote code execution vulnerability.
2f400975f659ce2b1411ab5f0648a7b24fbc5ff13c60a27cd18e2461d40bfd86OSGi versions 3.7.2 and below suffer from a remote code execution vulnerability.
b58312b3c9ef3414d27ca17e2db9d015ffcd0263ed95cd4c31a69f65fd99f59dOSGi versions 3.8 through 3.18 suffer from a remote code execution vulnerability.
f497ebf8b35afe62aa891bf6ce65680f2ac452e845456b06776d98729a31b50d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed