15 matches found
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from inconsistent fsck operations during the block migration of f2fs FGGC nodes. This vulnerability ma...
CVE-2026-4364
IBM Verify Identity Access Container 11.0 through 11.0.2, IBM Security Verify Access Container 10.0 through 10.0.9.1, IBM Verify Identity Access 11.0 through 11.0.2, and IBM Security Verify Access 10.0 through 10.0.9.1 allow certificate listings retrieved via a browser session to return a...
USN-8104-1 flask vulnerability
Shourya Jaiswal discovered that Flask did not correctly mark certain web responses as user-specific. A remote attacker could possibly use this issue to obtain sensitive information...
DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders
Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that encdechypercall accepts page counts instead of sizes, which could result in page mislabeling...
`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe
maxminddb prior to version 0.27 declared `Reader::open_mmap` as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...
BIT-LIBPYTHON-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
On the Feasibility of Poisoning Text-To-Image AI Models Via Adversarial Mislabeling
Today's text-to-image generative models are trained on millions of images sourced from the Internet, each paired with a detailed caption produced by Vision-Language Models (VLMs). This part of the training pipeline is critical for supplying the models with large volumes of high-quality image-captio...
K000151542: OpenSSL vulnerability CVE-2025-4575
Security Advisory Description Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as truste...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly labeling the text patch area, which could lead to out-of-bounds access...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the powerpc/pseries/iommu module mislabeling the MMIO range in DDW...
[M03] Incorrect price calculation for non-stablecoin pairs marked as stable
Lines of code Vulnerability details Impact Pairs that don't have NOTE token but that are still marked as stable will always have an incorrect price calculated for them. Proof of Concept As it can be concluded from the code, stablecoin pairs are pairs with NOTE token: However, there's a separate...
UBUNTU-CVE-2020-15658
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR 78.1, Firefox...
Friday Squid Blogging: Squid Falsely Labeled as Octopus
Two New Yorkers have been charged with importing squid from Peru and then reselling it as octopus. Yet another problem that a blockchain-enabled supply-chain system won't solve. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read ...
Enigmail Signature Spoofing Vulnerability
Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and SeaMonkey web packages that provides OpenPGP's email public key encryption and signing capabilities. A signature spoofing vulnerability exists in versions of Enigmail prior to 1.9.9. The vulnerability arises becaus...