Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption that occurs when parameters are passed to the Trusted Virtual Machine during a handshake...

PT-2025-39266

Name of the Vulnerable Software and Affected Versions Versions prior to 2025 Description A memory corruption issue exists when parameters are passed to the Trusted Virtual Machine during the handshake process. Recommendations At the moment, there is no information about a newer version that...

PT-2025-39278

Name of the Vulnerable Software and Affected Versions versions prior to 2025-47315 Description A memory corruption issue exists when handling repeated memory unmap requests originating from a guest virtual machine. Recommendations At the moment, there is no information about a newer version that...

PT-2025-39272

Name of the Vulnerable Software and Affected Versions versions prior to 2025-27032 Description A memory corruption issue exists when loading a Picture Interchange Language PIL authenticated Virtual Machine VM. This occurs when an authenticated VM image is loaded without maintaining cache coherenc...

MAL-2025-47492 Malicious code in react-device-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 113702b97f378bfde6af287d00821b1e3ebec6cfa164e3d263f57632210869c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

nightmare

This repository is an introduction to binary exploitation and reverse engineering course based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...

Unbreakable Enterprise kernel security update

5.15.0-312.187.5.3 - HID: core: do not bypass hidhwrawrequest Benjamin Tissoires Orabug: 38454666 CVE-2025-38494 - vsock: Do not allow binding to VMADDRPORTANY Budimir Markovic Orabug: 38454665 CVE-2025-38618 - cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns Al Viro...

CVE-2025-47906 vulnerabilities

Vulnerabilities for packages: gitlab-runner, kube-vip, bank-vaults, newrelic-nri-statsd, custom-pod-autoscaler-operator, vault-benchmark, octo-sts, docker-credential-ecr-login, kserve-rest-proxy, blobfuse2, grafana-operator, php-fpmexporter, lvm-driver, knative-serving, vault-k8s,...

GHSA-GWRF-JF3H-W649 vulnerabilities

Vulnerabilities for packages: gitlab-runner, kube-vip, bank-vaults, newrelic-nri-statsd, custom-pod-autoscaler-operator, vault-benchmark, octo-sts, docker-credential-ecr-login, kserve-rest-proxy, blobfuse2, grafana-operator, php-fpmexporter, lvm-driver, knative-serving, vault-k8s,...

CVE-2025-47906 vulnerabilities

Vulnerabilities for packages: consul-fips, addon-resizer, prometheus-adapter, karma-fips, hivemind, knative-eventing-fips, kube-logging-operator-custom-runner-fips, lvm-driver, grafana-operator, kube-vip-cloud-provider, eks-distro-fips, cloud-provider-aws-fips, terraform-provider-tls-fips,...

GHSA-GWRF-JF3H-W649 vulnerabilities

Vulnerabilities for packages: consul-fips, addon-resizer, prometheus-adapter, karma-fips, hivemind, knative-eventing-fips, kube-logging-operator-custom-runner-fips, lvm-driver, grafana-operator, kube-vip-cloud-provider, eks-distro-fips, cloud-provider-aws-fips, terraform-provider-tls-fips,...

KVM: x86: use array_index_nospec with indices that come from guest

...

Inference Attacks on Encrypted Online Voting Via Traffic Analysis

Online voting enables individuals to participate in elections remotely, offering greater efficiency and accessibility in both governmental and organizational settings. As this method gains popularity, ensuring the security of online voting systems becomes increasingly vital, as the systems...

UBUNTU-CVE-2023-53438

In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save CS register on AMD Zen IF Poison errors The Instruction Fetch IF units on current AMD Zen-based systems do not guarantee a synchronous MC is delivered for poison consumption errors. Therefore,...

CVE-2023-53438

CVE-2023-53438 : In the Linux kernel, the AMD Zen IF poison error path could misclassify context due to non-synchronous delivery of poison by the IF unit. The issue is mitigated by adding a quirk to always save the Code Segment (CS) register when poison is consumed from the IF unit banks, ensurin...

UBUNTU-CVE-2023-53395

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of...

PT-2025-38457

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the x86/MCE subsystem related to handling Machine Check Exceptions MCE on AMD Zen-based systems. Specifically, the Instruction Fetch IF units may...

Malicious code in ng-imports-checker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18b18b9fde01428e5307224f34cca2ee013b4d455573e0da91abc9d6ee0c1438 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-53319

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvmarminit failure correctly in finalizepkvm Currently there is no synchronisation between finalizepkvm and kvmarminit initcalls. The finalizepkvm proceeds happily even if kvmarminit fails resulting in the...

CVE-2023-53319 KVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvmarminit failure correctly in finalizepkvm Currently there is no synchronisation between finalizepkvm and kvmarminit initcalls. The finalizepkvm proceeds happily even if kvmarminit fails resulting in the...