Why AI Keeps Falling for Prompt Injection Attacks

Imagine you work at a drive-through restaurant. Someone drives up and says: "I'll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer." Would you hand over the money? Of course not. Yet this is what large language models LLMs do...

The Role of Humans in an AI-Powered World

As AI capabilities grow, we must delineate the roles that should remain exclusively human. The line seems to be between fact-based decisions and judgment-based decisions. For example, in a medical context, if an AI was demonstrably better at reading a test result and diagnosing cancer than a huma...

EUVD-2020-12661

Malware in sbrugna...

EUVD-2022-49136

Malicious code in bioql PyPI...

PentestJudge: Judging Agent Behavior against Operational Requirements

We introduce PentestJudge, a system for evaluating the operations of penetration testing agents. PentestJudge is a large language model LLM-as-judge with access to tools that allow it to consume arbitrary trajectories of agent states and tool call history to determine whether a security agent's...

CVE-2022-46319

Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write...

CVE-2024-50137

CVE-2024-50137 affects the Linux kernel, specifically the StarFive JH7110 reset driver. A fault in reset_control_status can cause data->asserted to be NULL on the JH7110 SoC, triggering errors when accessing an empty member. The issue has been fixed by adding a judgment condition to avoid null...

CVE-2023-52741

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix use-after-free in rdata-readintopages When the network status is unstable, use-after-free may occur when read data from the server. BUG: KASAN: use-after-free in readpagesfillpages+0x14c/0x7e0 Call Trace:...

CVE-2023-52741 cifs: Fix use-after-free in rdata->read_into_pages()

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix use-after-free in rdata-readintopages When the network status is unstable, use-after-free may occur when read data from the server. BUG: KASAN: use-after-free in readpagesfillpages+0x14c/0x7e0 Call Trace:...

CVE-2023-52613

In the Linux kernel, the following vulnerability has been resolved: drivers/thermal/loongson2thermal: Fix incorrect PTRERR judgment PTRERR returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison. Otherwise, tz-type is NULL when thermal-zones is...

CVE-2023-52613 drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment

In the Linux kernel, the following vulnerability has been resolved: drivers/thermal/loongson2thermal: Fix incorrect PTRERR judgment PTRERR returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison. Otherwise, tz-type is NULL when thermal-zones is...

CVE-2023-52613

In the Linux kernel, the following vulnerability has been resolved: drivers/thermal/loongson2thermal: Fix incorrect PTRERR judgment PTRERR returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison. Otherwise, tz-type is NULL when thermal-zones is...

CVE-2023-52613 drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment

In the Linux kernel, the following vulnerability has been resolved: drivers/thermal/loongson2thermal: Fix incorrect PTRERR judgment PTRERR returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison. Otherwise, tz-type is NULL when thermal-zones is...

CVE-2023-52613 drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment

In the Linux kernel, the following vulnerability has been resolved: drivers/thermal/loongson2thermal: Fix incorrect PTRERR judgment PTRERR returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison. Otherwise, tz-type is NULL when thermal-zones is...

Here’s Some Bitcoin: Oh, and You’ve Been Served!

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction -- such as a...

Wrong vest logic

Lines of code Vulnerability details Impact The judgment on line 90 results in that the interval between two transferInRewards must be greater than or equal to 8 hours, otherwise it will be reverted. Proof of Concept Tools Used Recommended Mitigation Steps Delete 90 lines of judgment. Assessed typ...

CVE-2023-4010

A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a denial of service vulnerability that stems from an inappropriate judgment condition, which can be exploited by an attacker to cause a denial of...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that originates from a version upgrade judgment vulnerability in the user profile module, which can be exploite...

Upgraded Q -> 3 from #148 [1677186744098]

Judge has assessed an item in Issue 148 as 3 risk. The relevant finding follows: Lines of code Vulnerability details Impact Detailed description of the impact of this finding. buyoutLien in LienToken.sol failes to update the new PublicVault's slope, yIntercept, and s.epochData....liensOpenForEpoc...