There is an integer overflow in dav1d when decoding an AV1 video with large width/height. The integer overflow may result in an out-of-bounds write.
258b775b05e2d4378551ee4e66e5c90a5df4e7d9ef5dc5c37abec0ba66db8a8e
UPS Network Management Card version 4 suffers from a path traversal vulnerability.
09c742a5856228ab92542adea67531a36cce939377dbf076b6f5c6131ba276dc
Gasmark Pro version 1.0 suffers from a remote shell upload vulnerability.
74aac3d302e6dccc4a04f4bb3b7f33f7c74952c5fafd68a7b296c174889dd69b
Nokia BMC Log Scanner version 13 suffers from a remote command injection vulnerability.
dd739a9071327fb09fa5e5c4324f8585adfcdd2bb749945102e954aa364813c8
vm2 versions 3.9.19 and below suffer from a sandbox escape vulnerability.
b24b64151051cccf149693cb0f7f9f928064b14ccdf177979124b8a149121d80
Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability. The Change Password feature can be abused in order to modify the password of any user of the application.
b902e8c8533e18988a3d9cf1a301f95fdca312dbda532a060668f36b710b0b68
Financials by Coda versions prior to 2023Q4 suffer from a cross site scripting vulnerability.
34202068f860d76bf76919a5032aea9e7b1a4b4f23d207a20914dd51652a7504
HALO version 2.13.1 has an insecure cross-origin resource sharing setting that allows an arbitrary origin.
d03ce00498ebd36e4dfcab8b4a25be241e021255496446e7b6df62fb6024ec33
Membership Management System version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.
bafbc2c7895ab97a3d57de482862b676a744678a894f6abb9103ae63f21b01a1
Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability.
7507da836273d2bbc7b9ad937d83b3421ee4908160760a5f62fe62fa67b910e0
Vinchin Backup and Recovery versions 7.2 and below suffer from an authentication command injection vulnerability.
dd0fc3f58917682d94f66913e102128d1a5e1eb10e34fa851b9f47a77fc06b74
Fortinet FortiOS suffers from an out of bounds write vulnerability. Affected includes Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7.
253e125f2c77fe6892c6503df7eeedff1bed043c4fb701d366058c149ab702b6
This Metasploit module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated remote code execution on the target TeamCity server. On older versions of TeamCity, access tokens do not exist so the exploit will instead create a new administrator account before uploading a plugin. Older versions of TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed, however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code execution instead, as this is supported on all versions tested.
68370990799fd1605fae05ac9ac3f36fd6659508fbfeef67d22e3cf720e8fa87
Backdoor.Win32.Emegrab.b malware suffers from a buffer overflow vulnerability.
c0d8137645859e14608a0b7a84c3cadd70d3be3e7d59a937b20c600dbcc88162
StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability.
9e5263d5183618a2c41a25b126b245bfa777329a2f535120971b95cdc71f0486
GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.
ecc61996fa0e38b05ac70ce2080679b2eaf36720822b04f8d38867b1d69456b3
JetBrains TeamCity version 2023.05.3 suffers from a remote code execution vulnerability.
e1c264f19102d105794de4c6c20eaafe22944b48d40bf81b679d6529f26dcffb
Honeywell PM43 versions prior to P10.19.050004 suffer from a remote code execution vulnerability.
af3705248c7122eb4d11be4c13209b3526cbee77ed228747c3f55800ef9fb1ef
SolarView Compact version 6.00 suffers from a remote command injection vulnerability.
036c73fd4d8c1b4db5a8dfeb1d025199673968fe8cec024982fdbe68c19a7ca1
Viessmann Vitogate 300 versions 2.1.3.0 and below suffers from a remote code execution vulnerability.
86410aca0ad3a7245b8cb07735d4ec21669679039be68751fc1b43a423e0766a
Ruijie Switch version PSG-5124 with software build 26293 suffers from a remote code execution vulnerability.
31f3b0a900318bec9de9a1e9f67d893c6b3f4c63a3437484a3559c375ebb2fa0
In this whitepaper, the authors introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI's ChatGPT or Google's PaLM-2. Specifically, their attack recovers the embedding projection layer (up to symmetries) of a transformer model, given typical API access. For under $20 USD, their attack extracts the entire projection matrix of OpenAI's ada and babbage language models. They thereby confirm, for the first time, that these black-box models have a hidden dimension of 1024 and 2048, respectively. They also recover the exact hidden dimension size of the gpt-3.5-turbo model, and estimate it would cost under $2,000 in queries to recover the entire projection matrix. They conclude with potential defenses and mitigations, and discuss the implications of possible future work that could extend this attack.
35bb26fb1fe58d91b595fbecc219b129076e6cc3ae746288dc27c6fa0d128e6a
Client Details System version 1.0 suffers from a remote SQL injection vulnerability.
64589c2ecc306d978f6791cf6a635512b98de6e52e4573c83fe9e9fe5303bbed
MetaFox versions 5.1.8 and below suffer from a remote shell upload vulnerability.
e2b323542d1ae762fd44f17402386b535064f3b92a9eb3e937211dc86f883e48
Cisco Firepower Management Center suffers from an authenticated remote command execution vulnerability. Many versions spanning the 7.x.x.x and 6.x.x.x branches are affected.
1b5e5708722e1634d261eff6cb37eccaf5547e6899a9a8f88ca8bf2b2955f61e