#vulnerability

The nation-state espionage group known for attacking Pakistan has expanded its reach to targets in Egypt and Sri Lanka.

Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects.

# Brief/Intro The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The `Typescript SDK` provides the `fund` function which retrieves `UTXOs`, which belong to the owner and can be used to fund the request in question, from fuel's graphql api. These then get added to the request making it possible to send it to the network as it now has inputs which can be spent by its outputs. Now this works when a user only wants to fund one transaction per block as in the next block, the spent UTXO will not exist anymore. However if a user wants to fund multiple transactions within one block, the following can happen: It is important to note, that the graphql API will return a random UTXO which has enough value to fund the transaction in question. - user has 2 spendable `UTXOs` in their wallet which can cover all expenses - user funds transaction `tA` with an input gotten from the API `i...

### Impact `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. ### Patches We have patched the issue in GitHub commit [915884fdf5df34aaedd00fc6ace33a2cfdefa586](https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586). The fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by dmc1778

With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it.

This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities.

The incident serves as a stark reminder of the fragility of our digital infrastructure. By adopting a diversified, resilient approach to cybersecurity, we can mitigate the risks and build a more secure digital future.

Ubuntu Security Notice 6924-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 6927-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice 6923-2 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.