17 matches found
SAMSUNG Escargot Security Vulnerability
SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. SAMSUNG Escargot has a security vulnerability caused by uncontrolled recursion, which may lead to the handling of...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.0 release
Red Hat OpenShift distributed tracing platform Tempo 3.9.0 has been released. This release of the Red Hat OpenShift distributed tracing platform Tempo provides new features, security improvements, and bug fixes. Breaking changes: Nothing. Deprecations: Nothing. Technology Preview features: Nothing...
EUVD-2025-27861
Malicious code in bioql PyPI...
CVE-2023-53151 md/raid10: prevent soft lockup while flush writes
In the Linux kernel, the following vulnerability has been resolved: md/raid10: prevent soft lockup while flush writes. Currently, there is no limit for raid1/raid10 plugged bio. While flushing writes, raid1 has cond_resched() while raid10 doesn't, and too many writes can cause soft lockup. Follow up...
[SECURITY] Fedora 40 Update: nginx-1.26.3-1.fc40
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
DEBIAN-CVE-2024-50263
In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 "fork: use mtdup to duplicate maple tree in dupmma...
Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs. Called Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), the novel methods follow the disclosure of another newly...
A GC-Friendly Go Interning Cache
I've seen a little gem pass by in a Go cryptography code review and I want to share it because I think it's a pattern that can be reused. Let's start with a problem statement: crypto/x509 Certificate values take a bunch of memory, and for every open TLS connection you end up with a copy of the leaf...
Memory Utilization settings applied via WEM are not working
The customer was running WEM version 1811 and upgraded to version 2103. They had memory and CPU utilization settings applied via WEM that were working fine. They noticed after the upgrade that memory load in the VDAs started spiking above 80% even though they have set memory optimization rules via...
Important: Red Hat Security Advisory: libvirt security and bug fix update
An update for libvirt is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Fedora 24 : webkitgtk4 (2017-b1abcbe695)
This update addresses the following vulnerabilities : - CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373 Additional fixes : - Make accelerating compositing mode...
[SECURITY] Fedora 24 Update: xstream-1.4.9-1.fc24
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
Pemcracker - Tool To Crack Encrypted PEM Files
This tool is inspired by pemcrack by Robert Graham. The purpose is to attempt to recover the password for encrypted PEM files while utilizing all the CPU cores. It still uses high level OpenSSL calls in order to guess the password. As an optimization, instead of continually checking against the P...
I keep 200+ Browser Tabs Open, and My Computer Runs Absolutely Fine. Here’s My Secret.
I don't know about your part, but I make heavy use of tabs. I currently have 200+ tabs open in my Google Chrome Web browser. And sometimes the number is even more. For me it's a daily thing, as I regularly open new tabs because of my habit of reading lots of stuff online, including cyber security...
[SECURITY] Fedora 20 Update: libserf-1.3.7-1.fc20
The serf library is a C-based HTTP client library built upon the Apache Portable Runtime (APR) library. It multiplexes connections, running the read/write communication asynchronously. Memory copies and transformations are kept to a minimum to provide high performance operation...
Fedora Core 5 : kernel-2.6.17-1.2157_FC5 (2006-806)
Rebase to latest upstream 2.6.17.4 -stable release, which fixes a security issue which could result in local privilege escalation. More details at: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4 In addition, an optimisation was performed to use significantly less memory for sever...
Fedora Core 4 : kernel-2.6.17-1.2142_FC4 (2006-801)
Rebase to latest upstream 2.6.17.4 -stable release, which fixes a security issue which could result in local privilege escalation. More details at: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4 In addition, an optimisation was performed to use significantly less memory for sever...