#vulnerability

By Waqas As you look ahead to 2024, the landscape of physical security is evolving rapidly, with new trends emerging… This is a post from HackRead.com Read the original post: 2024 Trends for Securing Your Business Premises: Essential Strategies and Technologies

# /sys/devices/virtual/powercap accessible by default to containers Intel's RAPL (Running Average Power Limit) feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs (model specific registers) and provides unprivileged userspace access via `sysfs`. As RAPL is an interface to access a hardware feature, it is only available when running on bare metal with the module compiled into the kernel. By 2019, it was realized that in some cases unprivileged access to RAPL readings could be exploited as a power-based side-channel against security features including AES-NI (potentially inside a SGX enclave) and KASLR (kernel address space layout randomization). Also known as the [PLATYPUS attack](https://platypusattack.com/), Intel assigned [CVE-2020-8694](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694)...

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.0.

A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability.

This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This Metasploit module uses the administrator account to install a malicious .jsp servlet plugin which the user can trigger to gain code execution on the target in the context of the of the user running the confluence server.

Debian Linux Security Advisory 5580-1 - The Zoom Offensive Security Team discovered that processing a SVG image may lead to a denial-of-service.

Red Hat Security Advisory 2023-7878-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include an integer overflow vulnerability.

By Owais Sultan Building a successful business is no small feat. You pour your heart and soul into it – serving… This is a post from HackRead.com Read the original post: 5 Fraud Prevention Strategies That Help Companies Ward Off Cyber Attacks

Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.3, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 2.1.3 or 3.0.2, which fixes the issue.