
10068 matches found

Packet Storm News
added 2025/08/05 12:0 a.m. · 3 views

Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform Empowered by Security Chaos Engineering (SCE)

In today's digital landscape, organizations face constantly evolving cyber threats, making it essential to discover slippery attack vectors through novel techniques like Security Chaos Engineering (SCE), which allows teams to test defenses and identify vulnerabilities effectively. This paper proposes...

7 AI score
Exploits 0

Packet Storm News
added 2025/08/05 12:0 a.m. · 1 view

Bidirectional TLS Handshake Caching for Constrained Industrial IoT Scenarios

While TLS has become the de-facto standard for end-to-end security, its use to secure critical communication in evolving industrial IoT scenarios is severely limited by prevalent resource constraints of devices and networks. Most notably, the TLS handshake to establish secure connections incurs...

6.7 AI score
Exploits 0

OSV
added 2025/08/04 8:58 p.m. · 11 views

CLSA-2025-1754341122 java-1.8.0-openjdk: Fix of 4 CVEs

Update to shenandoah-jdk8u462-b08 GA. Security fixes from OpenJDK 8u462-b08:
- CVE-2025-30749: fix 2D vulnerability allowing remote attackers to compromise JVM via network access
- CVE-2025-30754: fix JSSE vulnerability allowing unauthorized data access via TLS connections
- CVE-2025-30761: fix...

8.1 CVSS · 6.8 AI score · 0.01058 EPSS
Exploits 1 · References 1

OSV
added 2025/08/04 3:6 p.m. · 2 views

SUSE-SU-2025:02682-1 Security update for apache2

This update for apache2 fixes the following issues:
- CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477)
- CVE-2024-43204: Fixed an SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305)
- CVE-2024-47252: Fixed insufficie...

9.1 CVSS · 5.8 AI score · 0.04409 EPSS
Exploits 2 · References 15

Packet Storm News
added 2025/08/03 12:0 a.m. · 3 views

"Energon": Unveiling Transformers from GPU Power and Thermal Side-Channels

Transformers have become the backbone of many Machine Learning (ML) applications, including language translation, summarization, and computer vision. As these models are increasingly deployed in shared Graphics Processing Unit (GPU) environments via Machine Learning as a Service (MLaaS), concerns aroun...

6.6 AI score
Exploits 0

Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-32500 · Git · Libavc

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=435086517 Crash type: Heap-buffer-overflow READ 1 Crash state: isvcd decode recon tfr nmb base lyr isvcd parse inter slice data cabac isvcd parse pslice...

7.2 AI score
Exploits 0 · References 2

OSV
added 2025/07/31 1:3 p.m. · 8 views

CLSA-2025-1753967026 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u462-b08 GA. This fixes the following CVEs:
- CVE-2025-30749: better Glyph drawing
- CVE-2025-30754: enhance TLS protocol support
- CVE-2025-30761: improve scripting supports
- CVE-2025-50106: glyph out-of-memory access and crash...

8.1 CVSS · 6.7 AI score · 0.01058 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/07/31 12:0 a.m. · 3 views

PT-2025-33770

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A security issue was identified in NFS over TLS within the `tls_alert_recv` function. The vulnerability stems from an incorrect assumption regarding the validity of data within the messa...

7.6 CVSS · 6.1 AI score · 0.00146 EPSS
Exploits 0

Packet Storm News
added 2025/07/30 12:0 a.m. · 2 views

DoS Attacks and Defense Technologies in Blockchain Systems: a Hierarchical Analysis

Blockchain technology is widely used in various fields due to its ability to provide decentralization and trustless security. This is a fundamental understanding held by many advocates, but it is misunderstood, leading participants to fail to recognize the limitations of the security that...

7 AI score
Exploits 0

Amazon
added 2025/07/30 12:0 a.m. · 3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extent_map for free space inode on write error (CVE-2024-26726). In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%p.." (CVE-2025-37938). In t...

7.8 CVSS · 6.5 AI score · 0.00256 EPSS
Exploits 0

Amazon
added 2025/07/30 12:0 a.m. · 7 views

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...

8.6 CVSS · 6.8 AI score · 0.01058 EPSS
Exploits 1

Ubuntu
added 2025/07/29 12:43 p.m. · 7 views

USN-7654-5: Linux kernel (Xilinx ZynqMP) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; -...

9.8 CVSS · 7.1 AI score · 0.01483 EPSS
Exploits 0

OSV
added 2025/07/29 12:43 p.m. · 13 views

USN-7654-5 linux-xilinx-zynqmp vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; -...

9.8 CVSS · 6.4 AI score · 0.01483 EPSS
Exploits 0 · References 140

CNNVD
added 2025/07/29 12:0 a.m. · 2 views

TileServer PHP security vulnerability

TileServer PHP is a folder hosting software from MapTiler Open Source. A security vulnerability exists in TileServer PHP version v2.0, which stems from the layer parameter not being HTML-encoded, and could lead to a cross-site scripting attack...

9.8 CVSS · 5.9 AI score · 0.02507 EPSS
Exploits 2 · References 3

SUSE CVE
added 2025/07/28 11:33 p.m. · 2 views

SUSE CVE-2024-47522

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. O...

7.5 CVSS · 6.9 AI score · 0.00577 EPSS
Exploits 0 · References 2

SUSE CVE
added 2025/07/28 11:22 p.m. · 1 view

SUSE CVE-2025-38471

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

7.7 CVSS · 7.8 AI score · 0.00152 EPSS
Exploits 0 · References 63

Vulnrichment
added 2025/07/28 8:20 p.m. · 1 view

CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic `note_min_gas_price_target` is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...

6.9 CVSS · 6.4 AI score · 0.0055 EPSS
Exploits 0 · References 3

OSV
added 2025/07/28 12:15 p.m. · 8 views

AZL-65949 CVE-2025-38471 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

7.8 CVSS · 6.3 AI score · 0.00152 EPSS
Exploits 0 · References 1

OSV
added 2025/07/28 2:14 a.m. · 4 views

USN-7673-1 openjdk-21-crac vulnerabilities

It was discovered that the 2D component of CRaC JDK 21 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2025-30749, CVE-2025-50106 VMashroor Hasan Bhuiyan discovered that the JSSE...

8.6 CVSS · 6.9 AI score · 0.01058 EPSS
Exploits 1 · References 5

OSV
added 2025/07/28 2:7 a.m. · 5 views

USN-7672-1 openjdk-17-crac vulnerabilities

It was discovered that the 2D component of CRaC JDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2025-30749, CVE-2025-50106 VMashroor Hasan Bhuiyan discovered that the JSSE...

8.6 CVSS · 6.9 AI score · 0.01058 EPSS
Exploits 1 · References 5