196 matches found
Label Studio 安全漏洞
Label Studio is an open source data labeling tool from Heartex Open Source. It allows you to label data types such as audio, text, images, video, and time series using a straightforward UI and export to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Smack: TCP/IPv4; fixed incorrect labeling. Currently, Smack follows the labeling scheme for incoming TCP/IPv4 connections. When a connection labeled “foo” connects to a connection labeled “bar” via TCP/IPv4, “foo” always appears ...
SUSE-SU-2025:20042-1 Security update for selinux-policy
This update for selinux-policy fixes the following issues: Update to version 20230523+git25.ad22dd7f: Backport wtmpdb label change to have the same wtmpdb label as in SL Micro 6.1 bsc1229132 Add authrwwtmpdbloginrecords to domains using authmanageloginrecords Add authrwwtmpdbloginrecords to modul...
US Cyber Trust Mark logo for smart devices is coming
The White House announced the launch of the US Cyber Trust Mark which aims to help buyers make an informed choice about the purchase of wireless internet-connected devices, such as baby monitors, doorbells, thermostats, and more. The cybersecurity labeling program for wireless consumer Internet o...
CVE-2024-47659
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...
SUSE CVE-2024-47659
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...
DEBIAN-CVE-2024-47659
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...
UBUNTU-CVE-2024-47659
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...
CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...
CVE-2024-47659
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...
CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...
CVE-2024-47659
CVE-2024-47659 - Linux kernel Smack labeling flaw (tcp/ipv4) Unity/Ten able advisories summarize a kernel issue in Smack where the label of incoming tcp/ipv4 connections is mirrored from the initiator, causing return packets to be labeled with the initiator’s CIPSO label. This results in two conc...
CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...
DEBIAN-CVE-2024-9407
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...
CVE-2024-40441
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the modelattribs parameter...
CVE-2024-40441
CVE-2024-40441 describes a privilege-escalation flaw in Doccano’s open‑source tooling: the Doccano Open Source Annotation Tools for ML practitioners (v1.8.4) and the Doccano Auto Labeling Pipeline (v0.1.23) mishandle the model_attribs parameter, enabling remote attackers to elevate privileges. Ro...
[SECURITY] Fedora 40 Update: libreswan-4.15-1.fc40
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...
[SECURITY] Fedora 39 Update: libreswan-4.15-1.fc39
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...
Malicious code in OCI.DotNetSDK.Datalabeling.service (NuGet)
--- -= Per source details. Do not edit below this line.=-...
SUSE-SU-2024:1989-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: - Bump github.com/containers/image/v5 bsc1224119,...