24 matches found
[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.2-1.fc44
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.2-1.fc43
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.1-1.fc43
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.0-1.fc44
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
Security without Detection: Economic Denial As a Primitive for Edge and IoT Defense
Detection-based security fails against sophisticated attackers using encryption, stealth, and low-rate techniques, particularly in IoT/edge environments where resource constraints preclude ML-based intrusion detection. We present Economic Denial Security EDS, a detection-independent framework tha...
[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.5.6-1.fc43
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.5.6-1.fc42
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
EUVD-2025-4074
Malicious code in bioql PyPI...
CVE-2025-49597
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...
CVE-2025-49597
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...
CVE-2025-49597
The CVE-2025-49597 entry concerns handcraftedinthealps/goodby-csv prior to version 1.4.3. It describes an insecure deserialization gadget chain that, if an application deserializes untrusted data due to another vulnerability, could be leveraged to achieve remote code execution. The issue is patch...
[SECURITY] Fedora 41 Update: mozilla-ublock-origin-1.64.0-1.fc41
An efficient blocker: easy on memory and CPU footprint, and yet can load and enforce thousands more filters than other popular blockers out there. Flexible, it's more than an "ad blocker": it can also read and create filters from hosts files...
"Explain, Don'T Just Warn!" -- a Real-Time Framework for Generating Phishing Warnings with Contextual Cues
Anti-phishing tools typically display generic warnings that offer users limited explanation on why a website is considered malicious, which can prevent end-users from developing the mental models needed to recognize phishing cues on their own. This becomes especially problematic when these tools...
CVE-2025-46560
CVE-2025-46560 affects vLLM 0.8.0–0.8.4, where the multimodal tokenizer’s input preprocessing uses placeholder tokens replaced by repeated tokens. The replacement logic relies on inefficient list concatenation, yielding quadratic time complexity (O(n²)) and enabling resource exhaustion via crafte...
编号撤回
vLLM is vLLM open source a high throughput and memory efficient inference and service engine for LLM. This CVE number has been withdrawn...
编号撤回
vLLM is vLLM open source a high throughput and memory efficient inference and service engine for LLM. This CVE number has been withdrawn...
CVE-2025-29770
CVE-2025-29770 affects vLLM’s guided_decoding outlines backend. The vulnerability arises because outlines_logits_processors.py unconditionally uses outlines’ on-disk grammar cache, enabling a malicious user to send many short decoding requests with unique schemas and exhaust the filesystem, causi...
Code injection
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters...
[SECURITY] Fedora 37 Update: libmemcached-awesome-1.1.4-1.fc37
libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.o rg...
Elpscrk - An Intelligent Common User-Password Profiler Based On Permutations And Statistics
An Intelligent common user-password profiler that's named after the same tool in Mr.Robot series S01E01 In simple words, elpscrk will ask you about all info you know about your target then will try to generate every possible password the target could think of, it all depends on the information yo...