Linux Distros Unpatched Vulnerability : CVE-2022-3964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZ...

Advisory ROSA-SA-2025-2949

software: ffmpeg 4.4.6 OS: ROSA-CHROME unaffected versions = ffmpeg-4.4.6-1 affected versions ffmpeg-4.4.6-1 CVE-ID: CVE-2025-1594 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A buffer overflow vulnerability in FFmpeg allows a remote attacker to initiate an attack via the ffaacsearchfortns function in...

Log2Sig: Frequency-Aware Insider Threat Detection Via Multivariate Behavioral Signal Decomposition

Insider threat detection presents a significant challenge due to the deceptive nature of malicious behaviors, which often resemble legitimate user operations. However, existing approaches typically model system logs as flat event sequences, thereby failing to capture the inherent frequency dynami...

"Energon": Unveiling Transformers from GPU Power and Thermal Side-Channels

Transformers have become the backbone of many Machine Learning ML applications, including language translation, summarization, and computer vision. As these models are increasingly deployed in shared Graphics Processing Unit GPU environments via Machine Learning as a Service MLaaS, concerns aroun...

RLSA-2025:9119 Important: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Double-free in libvpx encoder CVE-2025-5283 For more details about the security issues, including the impac...

kernel: drm/amd/display: Implement bounds check for stream encoder creation in DCN301

A vulnerability was found in the DRM/AMD/Display module of the Linux Kernel. An out-of-bounds access exists in the 'streamencregs' array within DCN301, while accessing the array with 'engid,’ could lead to an out-of-bounds access beyond its four-element size, which can cause a system crash...

HyDRA: a Hybrid Dual-Mode Network for Closed- and Open-Set RFFI with Optimized VMD

Device recognition is vital for security in wireless communication systems, particularly for applications like access control. Radio Frequency Fingerprint Identification RFFI offers a non-cryptographic solution by exploiting hardware-induced signal distortions. This paper proposes HyDRA, a Hybrid...

CVE-2025-1709 CVE-2025-1709

Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

DEBIAN-CVE-2025-5878

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...

UBUNTU-CVE-2025-5878

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...

ARMOR: Robust Reinforcement Learning-Based Control for UAVs under Physical Attacks

Unmanned Aerial Vehicles UAVs depend on onboard sensors for perception, navigation, and control. However, these sensors are susceptible to physical attacks, such as GPS spoofing, that can corrupt state estimates and lead to unsafe behavior. While reinforcement learning RL offers adaptive control...

Vulnerability of the dpu_encoder_phys_init() function in the drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c module – This driver for supporting the Direct Rendering Infrastructure (DRI) of the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerability of the dpuencoderphysinit function in the drivers/gpu/drm/msm/disp/dpu1/dpuencoder.c module – The driver for supporting Direct Rendering Infrastructure DRI in Linux kernel is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability could allow...

WebGuard++: Interpretable Malicious URL Detection Via Bidirectional Fusion of HTML Subgraphs and Multi-Scale Convolutional BERT

URL+HTML feature fusion shows promise for robust malicious URL detection, since attacker artifacts persist in DOM structures. However, prior work suffers from four critical shortcomings: 1 incomplete URL modeling, failing to jointly capture lexical patterns and semantic context; 2 HTML graph...

libvpx: Double-free in libvpx encoder

A flaw was found in libvpx. A double-free issue can occur in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash...