“Emergent Misalignment” in LLMs

Interesting research: "Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs": Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model act...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it only supports Read-Only and Read-Write permissions. The Write-Only permission is not supported as t...

Add premium doesn't collect fees

Lines of code Vulnerability details Summary Fees are applied to premiums when a new position is opened, but the same mechanism is not enforced when margin is added to an existing position. Impact When a new position is created in the LAMM protocol, fees are collected in favor of the LP owner that...

Insufficient Validation of Addresses Vulnerability

Lines of code Vulnerability details Summary The code suffers from an insufficient validation of addresses vulnerability. Although it uses the sdk.AccAddressFromBech32 function to convert addresses from Bech32 format to sdk.AccAddress, it fails to validate the addresses for their validity and...

Apache Tomcat Information Disclosure Vulnerability (CNVD-2021-11841)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. A security vulnerability exists in Apache Tomcat that stems from inconsistent behavior of the JRE API File.getCanonicalPath with...

PHP 5.5.12 - Locale::parseLocale Memory Corruption

Full Package: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35358.tgz Description: ------------ PHP 5.5.12 suffers from a memory corruption vulnerability that could potentially be exploited to achieve remote code execution. The vulnerability exists due to...

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2013:1142-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE Update for xulrunner openSUSE-SU-2013:1143-1 (xulrunner)

Check for the Version of xulrunner OpenVAS Vulnerability Test $Id: gbsuse201311431.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for xulrunner openSUSE-SU-2013:1143-1 xulrunner Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This...

PreserveWrapper has inconsistent behavior — Mozilla

Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash...