Enhance Your Edge Native Apps with Low Latency Using Multiple EdgeWorkers
Learn how Flexible Composition lets you seamlessly deploy multiple EdgeWorkers in a single request for easier-to-build, scalable, edge native applications...
Protocol Dialects As Formal Patterns: a Composable Theory of Lingos -- Technical Report
Protocol dialects are methods for modifying protocols that provide light-weight security, especially against easy attacks that can lead to more serious ones. A lingo is a dialect's key security component by making attackers unable to "speak" the lingo. A lingo's "talk" changes all the time,...
Fishing for Phishers: Learning-Based Phishing Detection in Ethereum Transactions
Phishing detection on Ethereum has increasingly leveraged advanced machine learning techniques to identify fraudulent transactions. However, limited attention has been given to understanding the effectiveness of feature selection strategies and the role of graph-based models in enhancing detectio...
On the Consistency of GNN Explanations for Malware Detection
Control Flow Graphs (CFGs) are critical for analyzing program execution and characterizing malware behavior. With the growing adoption of Graph Neural Networks (GNNs), CFG-based representations have proven highly effective for malware detection. This study proposes a novel framework that dynamically...
[SECURITY] Fedora 42 Update: qgis-3.42.1-2.fc42
Geographic Information System (GIS) manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...
CVE-2022-49755
CVE-2022-49755 affects the Linux kernel’s USB gadget path (usb: gadget: f_fs) and specifically the ffs_ep0_queue_wait flow. The vulnerability arises from a race between ffs_ep0_write/ffs_ep0_read and functionfs_unbind, where ep0req can be freed and there is no NULL check in ffs_ep0_queue_wait, ri...
CVE-2024-57723
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over...
PYSEC-2025-132
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over...
CVE-2024-57723
CVE-2024-57723 affects lunasvg and is reflected in Fedora advisories for lunasvg/imhex (Fedora 42–44 updates). The segmentation fault in composition_source_over is addressed by updating lunasvg to a newer version and by unbundling/consuming the bundled plutovg in the ecosystem, followed by rebuil...
LunaSVG Security Vulnerability
LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG, which stems from the inclusion of a segmentation violation found via the component composition_source_over. No detailed vulnerability details are provided at this time...
CVE-2024-57723
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over...
PT-2025-3551 · Lunasvg · Lunasvg
Name of the Vulnerable Software and Affected Versions: lunasvg version 3.0.0 Description: The issue is a segmentation violation that occurs via the composition source over component. This can be exploited. Recommendations: For lunasvg version 3.0.0, consider disabling the composition source over...
PT-2024-11633 · Microsoft · Windows 11 +1
Name of the Vulnerable Software and Affected Versions: Windows 11 version 10.0.22000.593 Windows Server 2022 version 10.0.20348.643 Description: An access violation issue exists in the DirectComposition functionality of the win32kbase.sys driver. A specially-crafted set of syscalls can lead to a...
Elevate Your Container Security with QScanner in 2025
Securing container images is more important than ever in the dynamic world of cloud-native technologies. Organizations have long utilized reliable solutions from Qualys to scan their images, ensuring applications run smoothly and securely. These tools have played a crucial role in maintaining the...
October 8, 2024—KB5044281 (OS Build 20348.2762)
October 8, 2024—KB5044281 (OS Build 20348.2762) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note: Follow @WindowsUpdate to find out when...
NIST Recommends Some Common-Sense Password Rules
NIST's second draft of its "SP 800-63-4"--its digital identity guidelines--finally contains some really good rules about passwords: The following requirements apply to passwords: 1. Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require...
CVE-2022-48929 bpf: Fix crash due to out of bounds access into reg2btf_ids.
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de "bpf: Support bpf program calling kernel function" added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type ...
Spring Cloud Function Framework vulnerable to Denial of Service
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write due to a segmentation violation in the compositionsolidsourceover component. An attacker can potentially execute arbitrary code by exploiting this vulnerability. Remediation Upgrade lunasvg to version 2.4.1 or higher...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write due to a segmentation violation in the compositionsolidsource component. An attacker can cause a denial of service. Remediation Upgrade lunasvg to version 2.4.1 or higher. References - GitHub Issue Credit: keepinggg...