Training RL Agents for Multi-Objective Network Defense Tasks

Open-ended learning OEL -- which emphasizes training agents that achieve broad capability over narrow competency -- is emerging as a paradigm to develop artificial intelligence AI agents to achieve robustness and generalization. However, despite promising results that demonstrate the benefits of...

Know thyself, know thy environment

Welcome to this week's edition of the Threat Source newsletter. This week, I'm coming to you from Cisco Live in San Diego where I've just talked to a room that some of you may have been in, so writing this feels a bit surreal. It's really hard to try and write a cogent newsletter with all that's...

CVE-2025-21666

CVE-2025-21666 involves a null-pointer dereference in the Linux kernel when vsock_*_has_data/has_space is invoked on a socket that has been de-assigned from a transport. The problem is mitigated by returning 0 (no space/data) with a warning to keep execution stable. Connected documents confirm th...

kernel: ELF: fix kernel.randomize_va_space double read

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

CVE-2024-42246 net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xstcpsetupsocket When using a BPF program on kernelconnect, the call can return -EPERM. This causes xstcpsetupsocket to loop forever, filling up the syslog and causing the...

CVE-2022-48830 can: isotp: fix potential CAN frame reception race in isotp_rcv()

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotprcv When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage. Ziyang Xuan writes: The...

DEBIAN-CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

[SECURITY] Fedora 40 Update: rust-libcramjam-0.3.0-3.fc40

Compression library combining a plethora of algorithms in a similar as possible API...

Fedora: Security Advisory for maven-remote-resources-plugin (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-47035

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it only supports Read-Only and Read-Write permissions. The Write-Only permission is not supported as t...

CVE-2021-47035

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it only supports Read-Only and Read-Write permissions. The Write-Only permission is not supported as t...

CVE-2021-46945 ext4: always panic when errors=panic is specified

In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 "ext4: make ext4abort use ext4error", the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2. mount /dev/sd...

Zero Redemption Amount in RdpxDecayingBonds Contract

Lines of code Vulnerability details Impact The redeem function, as described, checks whether the assets to be redeemed assets are not zero. This check is in place to ensure that a user isn't redeeming a non-zero amount of rdpxAmount tokens in exchange for zero assets. Such a check is essential to...

GSD-2022-1007879 macvlan: enforce a consistent minimal mtu

macvlan: enforce a consistent minimal mtu This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.80 by commit...

OPENSUSE-SU-2022:10095-1 Security update for nim

This update for nim fixes the following issues: Includes upstream security fixes for: boo1175333, CVE-2020-15693 httpClient is vulnerable to a CR-LF injection boo1175334, CVE-2020-15692 mishandle of argument to browsers.openDefaultBrowser boo1175332, CVE-2020-15694 httpClient.get.contentLength...

Double free

iouring use workflags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORINGOP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We...

[SECURITY] Fedora 35 Update: golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35

Libnetwork provides a native Go implementation for connecting containers. The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications...

Labtainers - A Docker-based Cyber Lab Framework

Labtainers include more than 50 cyber lab exercises and tools to build your own. Import a single VM appliance or install on a Linux system and your students are done with provisioning and administrative setup, for these and future lab exercises. Consistent lab execution environments and automated...

Zepp 6.1.4-play User Account Enumeration

Trovent Security Advisory 2108-02 User account enumeration in password reset function Overview Advisory ID: TRSA-2108-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application...

Vivellio 1.2.1 User Account Enumeration Vulnerability

Vivellio version 1.2.1 suffers from a user account enumeration vulnerability. User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-01 Affected product: Vivellio Android mobile application...