CVE-2025-54304

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990160)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990160 advisory. In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free initdynaddr at i3cmasterputi3caddrs if dev-boardinfo &&...

kernel: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()

A vulnerability was found in the i3cmasterputi3caddrs function in the Linux kernel's i3c driver. A memory management issue can occur due to a copy-paste error between "dynaddr" and "initdynaddr", which leads to incorrect handling of memory, potentially causing resource mismanagement and instabili...

CVE-2024-58006

CVE-2024-58006 : In the Linux kernel, the PCI Domain (dwc) endpoint driver could allow changing a BAR’s size/flags via pci_epc_set_bar() without clearing the previous BAR, if the new BAR config matches the old. This could cause the inbound address translation range to become smaller than the host...

CVE-2024-56562

In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free initdynaddr at i3cmasterputi3caddrs if dev-boardinfo && dev-boardinfo-initdynaddr ^^^ here check "initdynaddr" i3cbussetaddrslotstatus&master-bus, dev-info.dynaddr, ... ^^^^ free "dynaddr" Fix copy/past...

CVE-2024-56562 i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()

In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free initdynaddr at i3cmasterputi3caddrs if dev-boardinfo && dev-boardinfo-initdynaddr ^^^ here check "initdynaddr" i3cbussetaddrslotstatus&master-bus, dev-info.dynaddr, ... ^^^^ free "dynaddr" Fix copy/past...

Risky use of Static Address

Lines of code Vulnerability details Impact We see a native token address used as 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE which is fine to use to denote native ether, but if this contract were to be deployed in another chain like Polygon, this would cause inconsistency issues. Proof of Concept...

[WP-M1] supplyTokenTo() may fail when Aave Pool address changed

Lines of code Vulnerability details function supplyTokenTouint256 depositAmount, address to external override nonReentrant uint256 shares = tokenToSharesdepositAmount; requireshares 0, "AaveV3YS/shares-gt-zero"; address underlyingAssetAddress = tokenAddress;...

GDB Front End: PINCE

GDB Front End: PINCE is not Cheat Engine PINCE is a front-end/reverse engineering tool for the GNU Project Debugger GDB, focused on games. But it can be used for any reverse-engineering related stuff. PINCE is an abbreviation for “PINCE is not Cheat Engine”. PINCE’s GUI is heavily “inspired;D” by...