DEBIAN-CVE-2022-50366

In the Linux kernel, the following vulnerability has been resolved: powercap: intelrapl: fix UBSAN shift-out-of-bounds issue When value timeunit, the parameter of ilog2 will be zero and the return value is -1. u64-1 is too large for shift exponent and then will trigger shift-out-of-bounds: shift...

CVE-2025-38257

The CVE-2025-38257 vulnerability is in the Linux kernel (s390/pkey) where the size calculation for memdup_user() can overflow because the number of apqn target list entries (nr_apqns) is supplied by userspace via ioctl, causing the allocated area size to diverge from its description and leading t...

Rational Miner Behaviour, Protocol Stability, and Time Preference: an Austrian and Game-Theoretic Analysis of Bitcoin'S Incentive Environment

This paper integrates Austrian capital theory with repeated game theory to examine strategic miner behaviour under different institutional conditions in blockchain systems. It shows that when protocol rules are mutable, effective time preference rises, undermining rational long-term planning and...

CVE-2025-3496

An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface...

kernel: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

In the Linux kernel, the following vulnerability has been resolved: iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this...

Take control of Cache-Control and local caching

TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directiveprevents caching Introduction The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to speci...

CVE-2024-27284

cassandra-rs is a Cassandra CQL driver for Rust. Code that attempts to use an item e.g., a row returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0...

UBUNTU-CVE-2024-49933

In the Linux kernel, the following vulnerability has been resolved: blkiocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in the iocforgivedebts function: UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is too large for 64-bit typ...

CVE-2024-49933 blk_iocost: fix more out of bound shifts

In the Linux kernel, the following vulnerability has been resolved: blkiocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in the iocforgivedebts function: UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is too large for 64-bit typ...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-45025)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45025 advisory. - In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on closerange with...

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3...

BIT-CILIUM-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

CVE-2024-41945

fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the fund function in...

AZL-62618 CVE-2024-39478 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...

CVE-2024-39478

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...

CVE-2024-39478 crypto: starfive - Do not free stack buffer

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...

CVE-2024-39478 crypto: starfive - Do not free stack buffer

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...

CVE-2024-39478

The CVE-2024-39478 vulnerability affects the Linux kernel crypto: starfive code path, where RSA text data uses a variable-length buffer allocated on the software stack. Calling kfree on that buffer can cause undefined behavior in subsequent operations, due to freeing a stack-allocated buffer. The...

GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...

silverstripe/framework password encryption salt not updated

When a user changes their password, the internal salt used for hashing their password is not updated. Although this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of password...