67 matches found
security-research
Security Research This project hosts security advisories and...
netty-security-poc
Netty Security PoC — Deprecated API Risk & Patched API Validat...
CVE-2025-71161 dm-verity: disable recursive forward error correction
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. In fecreadbufs, there is a loop that has 253 iterations. For each iteration, we may ca...
Invisible Ears at Your Fingertips: Acoustic Eavesdropping Via Mouse Sensors
Modern optical mouse sensors, with their advanced precision and high responsiveness, possess an often overlooked vulnerability: they can be exploited for side-channel attacks. This paper introduces Mic-E-Mouse, the first-ever side-channel attack that targets high-performance optical mouse sensors...
USN-7686-1: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; -...
USN-7654-3: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; -...
A Mixture of Linear Corrections Generates Secure Code
Large language models LLMs have become proficient at sophisticated code-generation tasks, yet remain ineffective at reliably detecting or avoiding code vulnerabilities. Does this deficiency stem from insufficient learning about code vulnerabilities, or is it merely a result of ineffective...
USN-7511-2: Linux kernel (GCP FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device...
USN-7381-1: Linux kernel (Low Latency) vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
SUSE: Security Advisory (SUSE-SU-2024:2189-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-RU-2024:4213-1 Recommended update for helm
helm was updated to fix the following issues: Update to version 3.16.3: fix: fix label name Fix typo in pkg/lint/rules/chartfiletest.go Increasing the size of the runner used for releases. fixhooks: correct hooks delete order Bump github.com/containerd/containerd from 1.7.12 to 1.7.23 Update to...
SUSE-SU-2024:4122-1 Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001335 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix...
USN-7121-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...
RHSA-2018:2602 Red Hat Security Advisory: kernel security update
Bulletin has no description...
SUSE-SU-2024:1673-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - Fixed ImagePath.Path array handling bsc1194552, CVE-2022-22815, bsc1194551, CVE-2022-22816 - Use snprintf instead of sprintf bsc1188574, CVE-2021-34552 - Fix Memory DOS in Icns, Ico and Blp Image Plugins. bsc1183110, CVE-2021-27921,...
SUSE-SU-2024:1345-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream bsc1221386 - CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open bsc1221385 Other fixes: - Update to Tomcat 9.0.87...
Fedora: Security Advisory for optipng (FEDORA-2023-f3389245ce)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:3563-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:3983-1 Security update for poppler
This update for poppler fixes the following issues: - CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops bsc1215422. - CVE-2020-36024: Fixed NULL Pointer Deference in FoFiType1C:convertToType1 bsc1214257. - CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c...
OPENSUSE-SU-2023:0171-1 Security update for nextcloud-desktop
This update for nextcloud-desktop fixes the following issues: Update ot 3.8.0 - Resize WebView widget once the loginpage rendered - Feature/secure file drop - Check German translation for wrong wording - L10n: Correct word - Fix displaying of file details button for local syncfileitem activities ...