468 matches found

Tenable Nessus
added 2025/08/18 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-47279

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are...

CVSS 3.1 | AI score 6.6 | EPSS 0.00047
Exploits: 0 | References: 4

NVD
added 2025/08/16 11:15 a.m. | 4 views

CVE-2025-38521

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel crash when hard resetting the GPU The GPU hard reset sequence calls pm_runtime_force_suspend and pm_runtime_force_resume, which according to their documentation should only be used during system-wide PM...

CVSS 7.1 | EPSS 0.00019
Exploits: 0 | References: 3

OSV
added 2025/08/16 11:12 a.m. | 2 views

CVE-2025-38537 net: phy: Don't register LEDs for genphy

In the Linux kernel, the following vulnerability has been resolved: net: phy: Don't register LEDs for genphy If a PHY has no driver, the genphy driver is probed/removed directly in phy_attach/detach. If the PHY's ofnode has an "leds" subnode, then the LEDs will be unregistered when probing/removin...

CVSS 5.5 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 7

ICS
added 2025/08/14 6:00 a.m. | 4 views

Rockwell Automation ArmorBlock 5000 I/O - Webserver

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

AI score 7.2
Exploits: 0 | References: 10

Tenable Nessus
added 2025/08/09 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2021-46939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing: Restructure trace_clock_global to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performin...

CVSS 5.5 | AI score 6.8 | EPSS 0.00011
Exploits: 0 | References: 2

Amd
added 2025/08/08 12:00 a.m. | 4 views

Microarchitectural Attacks on the Stack Engine

Summary Researchers from ETH Zurich have published a paper titled “One Flew over the Stack Engine’s Nest: Practical Microarchitectural Attacks on the Stack Engine.” AMD continues to recommend software developers employ existing best practices including constant time algorithm and avoid...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2025/08/07 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2022-50024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: dw-axi-dmac: do not print NULL LLI during error During debugging we have seen an issue where axi_chan_dump_lli is passed a NULL LLI pointer which ends u...

CVSS 5.5 | AI score 6.4 | EPSS 0.00042
Exploits: 0 | References: 2

Packet Storm News
added 2025/08/04 12:00 a.m. | 4 views

Thwart Me If You Can: an Empirical Analysis of Android Platform Armoring against Stalkerware

Stalkerware is a serious threat to individuals' privacy that is receiving increased attention from the security and privacy research communities. Existing works have largely focused on studying leading stalkerware apps, dual-purpose apps, monetization of stalkerware, or the experience of survivor...

AI score 6.9
Exploits: 0

SUSE CVE
added 2025/07/28 11:23 p.m. | 1 view

SUSE CVE-2025-38385

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del call from disconnect path. A WARN may be triggered in __netif_napi_del_locked during USB device disconnect: WARNING: CPU: 0 PID: 11 at...

CVSS 3.3 | AI score 6.4 | EPSS 0.00074
Exploits: 0 | References: 22

Snyk
added 2025/07/25 5:40 a.m. | 1 view

Malicious Package

Overview chime-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

Packet Storm News
added 2025/07/22 12:00 a.m. | 2 views

ShrinkBox: Backdoor Attack on Object Detection to Disrupt Collision Avoidance in Machine Learning-Based Advanced Driver Assistance Systems

Advanced Driver Assistance Systems (ADAS) significantly enhance road safety by detecting potential collisions and alerting drivers. However, their reliance on expensive sensor technologies such as LiDAR and radar limits accessibility, particularly in low- and middle-income countries. Machine...

AI score 7.2
Exploits: 0

Packet Storm News
added 2025/07/19 12:00 a.m. | 1 view

Privacy-Preserving Drone Navigation through Homomorphic Encryption for Collision Avoidance

As drones increasingly deliver packages in neighborhoods, concerns about collisions arise. One solution is to share flight paths within a specific zip code, but this compromises business privacy by revealing delivery routes. For example, it could disclose which stores send packages to certain...

AI score 6.8
Exploits: 0

SUSE CVE
added 2025/07/04 2:38 p.m. | 1 view

SUSE CVE-2025-38163

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

CVSS 5.5 | AI score 6.3 | EPSS 0.00105
Exploits: 0 | References: 3

SUSE CVE
added 2025/07/04 2:36 p.m. | 1 view

SUSE CVE-2025-49140

Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Users should...

CVSS 7.5 | AI score 6.9 | EPSS 0.00555
Exploits: 0 | References: 2

Packet Storm News
added 2025/07/04 12:00 a.m. | 3 views

RVISmith: Fuzzing Compilers for RVV Intrinsics

Modern processors are equipped with single instruction multiple data (SIMD) instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring...

AI score 6.7
Exploits: 0

OSV
added 2025/07/03 9:15 a.m. | 1 view

DEBIAN-CVE-2025-38120

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early fix was incomplete and...

CVSS 5.5 | AI score 5.5 | EPSS 0.0011
Exploits: 0 | References: 1

OSV
added 2025/06/02 4:15 p.m. | 0 views

AZL-62229 CVE-2025-48866 affecting package mod_security 2.9.4-1

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

CVSS 7.5 | AI score 7.2 | EPSS 0.0107
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:09 a.m. | 0 views

CVE-2024-40836

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user...

CVSS 7.5 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:47 p.m. | 6 views

CVE-2005-4753

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection...

CVSS 5 | AI score 7 | EPSS 0.01132
Exploits: 0 | References: 1

OSV
added 2025/05/15 6:15 p.m. | 0 views

UBUNTU-CVE-2025-47279

Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...

CVSS 3.1 | AI score 6.6 | EPSS 0.00047
Exploits: 0 | References: 5