Day: October 31, 2022
Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading
Introduction

I stumbled upon the Apache Batik library while researching other Java-based products. It immediately caught my attention, as this library parses Scalable Vector Graphics (SVG) files and transforms them into different raster graphics formats (i.e., PNG, PDF, or JPEG). I was even more encouraged when I looked at the Batik documentation. It was obvious that such a library could be prone to Server-Side Request Forgery (SSRF) issues (e.g., loading of images from remote resources). However, the documentation shows that Batik can also:

· Execute JavaScript through the Rhino interpreter.
· Load and execute remote Java classes.

Those are some neat …
GeForce RTX 40 Series Receives Massive Creator App Benefits This Week ‘In the NVIDIA Studio’
Editor’s note: This post is part of our weekly In the NVIDIA Studio series, which celebrates featured artists, offers creative tips and tricks, and demonstrates how NVIDIA Studio technology improves creative workflows. We’re also deep diving on new GeForce RTX 40 Series GPU features, technologies and resources, and how they dramatically accelerate content creation. Artists deploying the critically acclaimed GeForce RTX 4090 GPUs are primed to receive significant performance boosts in key creative apps. OBS Studio and Google Chrome enabled AV1 encoding; Topaz AI-powered apps and ON1 software added Tensor Core acceleration; and VTube Studio integrated NVIDIA Broadcast augmented-reality features …
Think Fast: Lotus Eletre Tops Charts in Driving and AI Compute Speeds, Powered by NVIDIA DRIVE Orin
One of the biggest names in racing is going even bigger. Performance automaker Lotus launched its first SUV, the Eletre, earlier this week. The fully electric vehicle sacrifices little in terms of speed and outperforms when it comes to technology. It features an immersive digital cockpit, lengthy battery range of up to 370 miles and autonomous-driving capabilities powered by the NVIDIA DRIVE Orin system-on-a-chip. The Eletre’s autonomous-driving system is designed for more than easier commutes. Lotus plans to train the vehicle to complete the world-famous Nürburgring racetrack in Germany entirely on its own. Powered by Lotus Group autonomous driving platform …
NEWS
- ZDI-23-341: Schneider Electric IGSS openReport Improper Input Validation Remote Code Execution Vulnerability
  March 16, 2023
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
- ZDI-23-340: Schneider Electric IGSSdataServer Exposed Dangerous Function Data Deletion Vulnerability
  March 16, 2023
  This vulnerability allows remote attackers to delete application-level data on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability.
- ZDI-23-339: Schneider Electric IGSS IGSSdataServer Exposed Dangerous Function Remote Code Execution Vulnerability
  March 16, 2023
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability.