2427 matches found
Important: amazon-cloudwatch-agent
Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...
Linux Distros Unpatched Vulnerability : CVE-2022-42004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use ...
Linux Distros Unpatched Vulnerability : CVE-2018-3750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can contro...
Implementing Cryptography in AI Systems
Interesting research: "How to Securely Implement Cryptography in Deep Neural Networks." Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality e.g., to decrypt an encrypted input, to verify that this input is...
CVE-2024-57257
A stack consumption issue in sqfssize in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising...
CVE-2024-57257
A stack consumption issue in sqfssize in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting...
UBUNTU-CVE-2024-57257
A stack consumption issue in sqfssize in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting...
SUSE CVE-2024-57257
A stack consumption issue in sqfssize in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting...
N. Korean Hackers Suspected in DEEP#DRIVE Attacks Against S. Korea
A phishing attack dubbed DEEP#DRIVE is targeting South Korean entities, with thousands already affected. North Korean hackers from…
SUSE CVE-2023-5841
Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
CVE-2024-55241
An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component...
CVE-2025-0851
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations...
CVE-2024-55241
CVE-2024-55241 affects the deep-diver LLM-As-Chatbot prior to commit 99c2c03. The issue resides in the modelsbyom.py component and enables a remote attacker to execute arbitrary code. The existing entry indicates a high-severity impact (CVSS 3.1: HIGH, 8.8) with network attack potential and no us...
CVE-2024-21625
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...
CVE-2024-36358
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2024-27454
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
defaults security vulnerability
defaults is a library by the individual developer Nathan Houle. When the value of an enumerable property owned by a source object is undefined, it copies that property from the source object to the target object. A security vulnerability exists in defaults version v2.0.1, which stems from the lib.de...
PT-2025-5766 · Npm · @Ndhoule/Defaults
Name of the Vulnerable Software and Affected Versions: @ndhoule/defaults version 2.0.1. Description: A prototype pollution in the lib.deep function allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Recommendations: For @ndhoule/defaults version 2.0.1, consider...