Exploring the Jupyter Ecosystem: an Empirical Study of Bugs and Vulnerabilities

Background. Jupyter notebooks are one of the main tools used by data scientists. Notebooks include features configuration scripts, markdown, images, etc. that make them challenging to analyze compared to traditional software. As a result, existing software engineering models, tools, and studies d...

MacOS/iOS kernel double free due to incorrect API usage in flow divert socket option handling(CVE-2017-13867)

SOFLOWDIVERTTOKEN is a socket option on the SOLSOCKETlayer. It's implemented by flowdiverttokensetstruct socket so, struct sockopt sopt in flowdivert.c. The relevant code is: error = sooptgetmsopt, &token; if error goto done; error = sooptmcopyinsopt, token; if error goto done; ... done: if token...

Apple macOSiOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling

Apple macOSiOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SOFLOWDIVERTTOKEN is a socket option on the SOLSOCKET layer. It's implemented by flowdiverttokensetstruct socket so, struct...

Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SOFLOWDIVERTTOKEN is a socket option on the SOLSOCKET layer. It's implemented by flowdiverttokensetstruct socket so, struct sockopt sopt in flowdivert.c. The relevant code is: error = sooptgetmsopt, &token; if error goto don...

Debian DSA-1700-1 : lasso - incorrect API usage

It was discovered that Lasso, a library for Liberty Alliance and SAML protocols performs incorrect validation of the return value of OpenSSL's DSAverify function. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...