257 matches found
EUVD-2015-8484
Malware in sbrugna...
EUVD-2013-2046
Malware in sbrugna...
EUVD-2011-2191
Malware in sbrugna...
PinTools
This repository is an example and proof-of-concept PoC for dynamic binary analysis using the Pin tool. The code is designed to detect the classical use-after-free vulnerability. The Pin tool is a dynamic binary instrumentation framework that allows developers to analyze and modify the behavior of...
Linux Distros Unpatched Vulnerability : CVE-2025-37754
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on early probe errors HuC delayed loading fence,...
TraceLens: Question-Driven Debugging for Taint Flow Understanding
Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is an important sensemaking process during end-user taint...
Linux Distros Unpatched Vulnerability : CVE-2024-5693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. Th...
ZTaint-Havoc: from Havoc Mode to Zero-Execution Fuzzing-Driven Taint Inference
Fuzzing is a widely used technique for discovering software vulnerabilities, but identifying hot bytes that influence program behavior remains challenging. Traditional taint analysis can track such bytes white-box, but suffers from scalability issue. Fuzzing-Driven Taint Inference FTI offers a...
Securing AI Agents with Information-Flow Control
As AI agents become increasingly autonomous and capable, ensuring their security against vulnerabilities such as prompt injection becomes critical. This paper explores the use of information-flow control IFC to provide security guarantees for AI agents. We present a formal model to reason about t...
CVE-2022-24690
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. An unauthenticated attacker...
SUSE CVE-2025-37754
In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on early probe errors HuC delayed loading fence, introduced with commit 27536e03271da "drm/i915/huc: track delayed HuC load with a fence", is registered with object tracker early on driver pro...
DEBIAN-CVE-2025-37754
In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on early probe errors HuC delayed loading fence, introduced with commit 27536e03271da "drm/i915/huc: track delayed HuC load with a fence", is registered with object tracker early on driver pro...
UBUNTU-CVE-2025-37754
In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on early probe errors HuC delayed loading fence, introduced with commit 27536e03271da "drm/i915/huc: track delayed HuC load with a fence", is registered with object tracker early on driver pro...
DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing
Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order processor designs. However, their poor microarchitectural...
Linux Distros Unpatched Vulnerability : CVE-2022-48704
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a...
Linux Distros Unpatched Vulnerability : CVE-2016-2381
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
CVE-2025-0426 vulnerabilities
Vulnerabilities for packages: local-static-provisioner, kubernetes-csi-driver-nfs, kapp, rancher-agent, argocd-image-updater, rancher-webhook, kubernetes, vcluster, kubernetes-dns-node-cache, aws-efs-csi-driver, nodetaint, rancher-fleet, argo-rollouts, ip-masq-agent, cluster-autoscaler,...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...
CVE-2024-27399 Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2capchantimeout There is a race condition between l2capchantimeout and l2capchandel. When we use l2capchandel to delete the channel, the chan-conn will be set to null. But the conn could b...