52 matches found
Three Heads Are Better Than One: A Multi-Perspective Reasoning Framework for Enhanced Vulnerability Detection
Automated vulnerability detection is crucial for enhancing software security by identifying potential flaws that attackers could exploit, thereby reducing the reliance on labor-intensive manual code audits. Recent advancements have shifted towards leveraging large language models (LLMs) for...
OpenSTAManager Security Vulnerability
OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager prior to 2.10.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of validation in the database conflict resolution function, whic...
EUVD-2024-50440
Malicious code in bioql PyPI...
Why We Made a Guide to Winning a Fight
Right now, everyone seems ready to throw down. More than ever, it’s important to fight smart—and not give up until you land a decisive blow...
Disassembly As Weighted Interval Scheduling with Learned Weights
Disassembly is the first step of a variety of binary analysis and transformation techniques, such as reverse engineering, or binary rewriting. Recent disassembly approaches consist of three phases: an exploration phase, that overapproximates the binary's code; an analysis phase, that assigns...
CVE-2024-9631
CVE-2024-9631 concerns an inefficiency in GitLab CE/EE where viewing diffs for merge requests with conflicts can be slow across all versions starting from 13.6 up to 17.2.9, from 17.3 up to 17.3.5, and from 17.4 up to 17.4.2. This is described as an algorithmic/processing slowdown impacting avail...
CVE-2025-0374 Unprivileged access to system files
When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as...
[SECURITY] Fedora 41 Update: python-nbdime-4.0.2-2.fc41
Nbdime provides tools for diffing and merging of Jupyter notebooks. - nbdiff: compare notebooks in a terminal-friendly way - nbmerge: three-way merge of notebooks with automatic conflict resolution - nbdiff-web: shows you a rich rendered diff of notebooks - nbmerge-web: gives you a web-based...
[SECURITY] Fedora 40 Update: python-nbdime-4.0.2-2.fc40
Nbdime provides tools for diffing and merging of Jupyter notebooks. - nbdiff: compare notebooks in a terminal-friendly way - nbmerge: three-way merge of notebooks with automatic conflict resolution - nbdiff-web: shows you a rich rendered diff of notebooks - nbmerge-web: gives you a web-based...
kernel security update
4.18.0-553.27.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
kernel security update
4.18.0-553.16.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Impact: By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an XWiki...
GHSA-692V-783F-MG8X XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Impact: By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an XWiki...
CVE-2024-41947 XWiki Platform XSS through conflict resolution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the...
CVE-2024-41947 XWiki Platform XSS through conflict resolution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the...
Linux kernel Security Vulnerability
The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a use-after-free issue that could result if a conntrack (connection tracking) entry is resolved but still passed to...
kernel security and bug fix update
5.14.0-427.24.14.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
kernel security and bug fix update
5.14.0-427.20.14.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
kernel update
4.18.0-553.5.1.el810.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32...
kernel security, bug fix, and enhancement update
4.18.0-553.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x...