Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the pqireportphysluns function in the smartpqi driver. When encountering unsupported data formats...

[SECURITY] Fedora 44 Update: htslib-1.23.1-1.fc44

HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools...

Enhancing Deep Learning-Based Rotational-XOR Attacks on Lightweight Block Ciphers Simon32/64 and Simeck32/64

At CRYPTO 2019, Gohr pioneered neural cryptanalysis by introducing differential-based neural distinguishers to attack Speck32/64, establishing a novel paradigm combining deep learning with differential cryptanalysis.Since then, constructing neural distinguishers has become a significant approach ...

OESA-2025-1332 zvbi security update

The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide ran...

[SECURITY] Fedora 40 Update: yq-4.43.1-5.fc40

Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...

[SECURITY] Fedora 41 Update: yq-4.43.1-5.fc41

Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...

[SECURITY] Fedora 40 Update: biosig4c++-2.6.0-3.fc40

BioSig is a software library for processing of biomedical signals EEG, ECG, etc. with Matlab, Octave, C/C++ and Python. A standalone signal viewer supporting more than 30 different data formats is also provided...

CVE-2023-47114 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

GHSA-3VPF-MCJ7-5H38 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Impact The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then retrieved from connected systems and data stores before being...

UBUNTU-CVE-2021-36401

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...

jettison: memory exhaustion via user-supplied XML or JSON data

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...

jettison: parser crash by stackoverflow

A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...

SUSE CVE-2022-40149

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

[SECURITY] Fedora 35 Update: gdal-3.3.3-1.fc35

Geospatial Data Abstraction Library GDAL/OGR is a cross platform C++ translator library for raster and vector geospatial data formats. As a library, it presents a single abstract data model to the calling application for all supported formats. It also comes with a variety of useful commandline...

How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs

Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and...

[SECURITY] Fedora 28 Update: kst-2.0.8-20.fc28

Kst is a real-time data viewing and plotting tool with basic data analysis functionality. Kst contains many powerful built-in features and is expandable with plugins and extensions. Main features of kst include: Robust plotting of live "streaming" data. Powerful keyboard and mouse plot...

Application Security Testing — The Wallarm Approach

Testing the security of the corporate applications is a part of every-day life for Ops and DevOps professionals. Larger companies have whole teams dedicated to independent security testing, called Red Teams. These folks use various tools at their disposal to discover the flaws in both application...

[SECURITY] Fedora 26 Update: cryptlib-3.4.3.1-7.fc26

Cryptlib is a powerful security toolkit that allows even inexperienced cryp to programmers to easily add encryption and authentication services to their software. The high-level interface provides anyone with the ability to add strong security capabilities to an application in as little as half a...

Bypassing NGFW/WAFs using data format obfuscations

A lot of network security solutions today supports a lot data format inside HTTP and other protocols. The main question here is understanding, based on traffic analysis, which data formats such as JSON/Base64/XML/etc should be applied to which field. This is an analytically unsolvable problem...

Using WebSocket as your Real Time Protocol? Wallam got you covered.

In the beginning there was http 1 or 2, web pages were static and did not do much beyond displaying static text and images. Life has changed since… Web applications discovered that bi-directional communication between the browser and the web server is essential. Of course, http protocol, with it’...