Does Johnny Get the Message? Evaluating Cybersecurity Notifications for Everyday Users

Due to the increasing presence of networked devices in everyday life, not only cybersecurity specialists but also end users benefit from security applications such as firewalls, vulnerability scanners, and intrusion detection systems. Recent approaches use large language models LLMs to rewrite...

CVE-2024-0017

In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

Blockchain-Enabled Decentralized Privacy-Preserving Group Purchasing for Energy Plans

Retail energy markets are increasingly consumer-oriented, thanks to a growing number of energy plans offered by a plethora of energy suppliers, retailers and intermediaries. To maximize the benefits of competitive retail energy markets, group purchasing is an emerging paradigm that aggregates...

POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)

This module exploits a path traversal vulnerability in UPSMON PRO use auxiliary/gather/upsmontraversal msf auxiliaryupsmontraversal show actions ...actions... msf auxiliaryupsmontraversal set ACTION msf auxiliaryupsmontraversal show options ...show and set options... msf auxiliaryupsmontraversal...

Instantiating Standards: Enabling Standard-Driven Text TTP Extraction with Evolvable Memory

Extracting MITRE ATT&CK Tactics, Techniques, and Procedures TTPs from natural language threat reports is crucial yet challenging. Existing methods primarily focus on performance metrics using data-driven approaches, often neglecting mechanisms to ensure faithful adherence to the official standard...

SUSE CVE-2022-49867

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipcwwandellink IOSM driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patc...

Configure Audit Rules for File Access Control Permissions

File access permission control is the basic permission management in Linux. Different users can access different files after being authorized. This prevents sensitive information leakage or file data tampering between users and prevents common users from accessing high-permission files or...

Ensure That the Session Timeout Period Is Set Correctly

Setting a proper timeout duration of sessions can reduce the risk of system attacks caused by manual operations of the administrator. To ensure ease of use of the community version in different scenarios, the session timeout interval is not configured in openEuler distributions by default...

LLM Security: Vulnerabilities, Attacks, Defenses, and Countermeasures

As large language models LLMs continue to evolve, it is critical to assess the security threats and vulnerabilities that may arise both during their training phase and after models have been deployed. This survey seeks to define and categorize the various attacks targeting LLMs, distinguishing...

DEBIAN-CVE-2022-49867

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipcwwandellink IOSM driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patc...

CVE-2022-49866

In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: fix memory leak in mhimbimdellink MHI driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patch...

CVE-2022-49867 net: wwan: iosm: fix memory leak in ipc_wwan_dellink

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipcwwandellink IOSM driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patc...

CVE-2022-49866 net: wwan: mhi: fix memory leak in mhi_mbim_dellink

In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: fix memory leak in mhimbimdellink MHI driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patch...

CVE-2022-49866

CVE-2022-49866 concerns a memory‑leak in the Linux kernel’s MHI/wwan path: the MHI driver registered a network device without marking needs_free_netdev, so free_netdev() wasn’t called on unregister. The public sources describe a patch that sets needs_free_netdev to true when registering the netwo...

CVE-2022-49866 net: wwan: mhi: fix memory leak in mhi_mbim_dellink

In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: fix memory leak in mhimbimdellink MHI driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patch...

PT-2025-18584 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the IOSM driver. The driver registers a network device without setting the needs free netdev flag and does...

Security update for helm

This update for helm fixes the following issues: CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs bsc1238688. Other fixes: - Updated to version 3.17.2 - Updated to 0.37.0 for x/net Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

PT-2024-33549 · Adobe · Acrobat Reader

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 20.005.30710 through 24.005.20307 Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations suc...

The vulnerability of the dasd_ese_needs_format() function in the Linux operating system’s kernel on the s390 platform allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the dasdeseneedsformat function in the drivers/s390/block/dasd.c module of the Linux operating system’s kernel on the s390 platform is related to memory writing beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the...

The vulnerability of the __unmap_hugepage_range() function in the Linux kernel memory manager allows a hacker to trigger a system failure.

The vulnerability of the unmaphugepagerange function in the mm/hugetlb.c file of the Linux kernel’s memory manager is related to an incorrect check in the code that returns vmaneedsreservation. Exploiting this vulnerability could allow an attacker to trigger a service failure...