8 matches found
Janus: Compiler-Based Defense against Transient Execution Attacks Using ARM Hardware Primitives
We present Janus, a compiler-based security framework that mitigates transient execution attacks like Spectre and control-flow hijacking on ARM64 platforms. Janus integrates speculative execution and control flow dependencies with PA modifiers, using PA and BTI microarchitectural features to...
EUVD-2020-29287
Malware in sbrugna...
EUVD-2024-21337
Malicious code in bioql PyPI...
CVE-2024-36361
CVE-2024-36361 affects the Pug library up to version 3.0.2 . It allows JavaScript code execution when an application passes untrusted input to the name option of the functions that compile templates to JavaScript (compileClient, compileFileClient, compileClientWithDependenciesTracked). The descri...
CVE-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
ALSA-2021:4386 Low: gcc security and bug fix update
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: libiberty: Integer overflow in demangletemplate function CVE-2018-20673 For more details about the security issues, including the impact, a CVSS score,...
Hiding Vulnerabilities in Source Code
Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. Its really clever, and not the sort of attack one would normally think about. From Ross Andersons blog: We have discovered ways of manipulating the encoding of sourc...
Fedora Update for mingw-qt5-qt3d FEDORA-2019-3c45bd2cc3
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...