Skip to content
/dev/random

/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu

  • About Me
    • About Me
    • Online Presentations
    • PGP Public Key
  • Disclaimer
  • Tools
    • alerts2afterglow
    • hoover
    • inotes.py
    • known_hosts_bruteforcer
    • pastemon
    • oplb
    • ossec_dashboard
    • ossec2dshield
    • twittermon
    • rrhunter
    • syslog2loggly

Weather forecasts

January 15, 2003 Uncategorized Comments Off on Weather forecasts

There is now weather forecasts (and current) available for Brussels, Belgium.
Still deploying the future interface. Be patient! 🙂

Post navigation

« Pic upload test!
Happy Birthday to my job! »

Stay in Touch

RSS Twitter LinkedIn

Upcoming Events

Here is a list of events that I will attend and cover via Twitter and wrap-ups. Ping me if you want to meet! The list is regularly updated.

SANS Amsterdam 2020

Recent Articles

  • [SANS ISC] Managing Remote Access for Partners & Contractors
  • [SANS ISC] PowerShell Backdoor Launched from a ShellCode
  • [SANS ISC] Party in Ibiza with PowerShell
  • [SANS ISC] Malicious Word Document with Dynamic Content
  • [SANS ISC] A Mix of Python & VBA in a Malicious Word Document

Popular Articles

  • Show me your SSID’s, I’ll Tell Who You Are! 39.8k views
  • Keep an Eye on SSH Forwarding! 39.2k views
  • Sending Windows Event Logs to Logstash 31.6k views
  • Socat, Another Network Swiss Army Knife 28.2k views
  • Check Point Firewall Logs and Logstash (ELK) Integration 28.2k views
  • Forensics: Reconstructing Data from Pcap Files 23.7k views
  • dns2tcp: How to bypass firewalls or captive portals? 22.8k views
  • Vulnerability Scanner within Nmap 19.5k views
  • Post-BruCON Experience – Running a Wall of Sheep in the Wild 18.3k views
  • Bruteforcing SSH Known_Hosts Files 17.5k views

Recent Tweets

  • #vblocalhost day 2 starting! pic.twitter.com/hxu7it8WPC

    About 7 hours ago

  • #CyberSecMonth is back! What changed? The year! Just reread my previous blog post and "s/2019/2020/". Wait, it's ma… twitter.com/i/web/status/13115…

    About 16 hours ago

  • At regular intervals, I'm receiving LinkedIn invitations with this profile picture. Profile in French, looking fres… twitter.com/i/web/status/13112…

    September 30, 2020 13:00

  • [/dev/random] [SANS ISC] Managing Remote Access for Partners & Contractors blog.rootshell.be/2020/09/29/s…

    September 29, 2020 11:09

  • More sandbox evasion techniques in Python... pic.twitter.com/ZsiOjCDQiZ

    September 29, 2020 09:28

Time Machine

RSS NVD Vulnerabilities Feed

  • CVE-2020-4607 (security_verify_privilege_vault_remote_on-premises) September 29, 2020
    IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
  • CVE-2020-15209 (tensorflow) September 25, 2020
    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that […]
  • CVE-2020-15212 (tensorflow) September 25, 2020
    In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but […]
  • CVE-2020-15210 (tensorflow) September 25, 2020
    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for […]
  • CVE-2020-15211 (tensorflow) September 25, 2020
    In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into […]
  • CVE-2020-15214 (tensorflow) September 25, 2020
    In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This […]
  • CVE-2020-15208 (tensorflow) September 25, 2020
    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the […]
  • CVE-2020-15198 (tensorflow) September 25, 2020
    In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in […]
Copyright Xavier Mertens © 2003-2020 | Powered by Xavier Mertens Consulting.
This website uses cookies to improve your experience. By using our services, you agree to our use of cookies. Accept Learn more
Privacy & Cookies Policy
Necessary
Always Enabled