MAL-2025-6979 Malicious code in 121block-pattern-explorer (npm)

The package 121block-pattern-explorer was found to contain malicious code...

MAL-2025-19551 Malicious code in email-pattern (npm)

The package email-pattern was found to contain malicious code...

MAL-2025-15827 Malicious code in block-pattern-explorer (npm)

The package block-pattern-explorer was found to contain malicious code...

Malicious code in pattern-watcher (npm)

The package pattern-watcher was found to contain malicious code...

MAL-2025-33961 Malicious code in stats-pattern-library (npm)

The package stats-pattern-library was found to contain malicious code...

MAL-2025-36769 Malicious code in tgam-pattern-library (npm)

The package tgam-pattern-library was found to contain malicious code...

MAL-2025-28918 Malicious code in pattern-watcher (npm)

The package pattern-watcher was found to contain malicious code...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access bsc1246530 CVE-2025-53015: Fixed specific XMP file conversion may cause an infinite loop bsc1246531 CVE-2025-53019: Fixed format specifiers in a filename...

SUSE-SU-2025:02801-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access bsc1246530 - CVE-2025-53015: Fixed specific XMP file conversion may cause an infinite loop bsc1246531 - CVE-2025-53019: Fixed format specifiers in a filenam...

Yet Another Mirage of Breaking MIRAGE: Debunking Occupancy-Based Side-Channel Attacks on Fully Associative Randomized Caches

Recent work presented at USENIX Security 2025 claims that occupancy-based attacks can recover AES keys from the MIRAGE randomized cache. In this paper, we examine these claims and find that they arise from fundamental modeling flaws. Most critically, the authors' simulation of MIRAGE uses a...

SUSE-SU-2025:20554-1 Security update for systemd

This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations bsc1247074 The script was introduced more than 7 years ago and all systems running TW...

Linux Distros Unpatched Vulnerability : CVE-2025-4598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the...

Linux Distros Unpatched Vulnerability : CVE-2018-1304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The URL pattern of the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27,...

Linux Distros Unpatched Vulnerability : CVE-2021-35942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an...

Linux Distros Unpatched Vulnerability : CVE-2024-31228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string...

Attack Pattern Mining to Discover Hidden Threats to Industrial Control Systems

This work focuses on validation of attack pattern mining in the context of Industrial Control System ICS security. A comprehensive security assessment of an ICS requires generating a large and variety of attack patterns. For this purpose we have proposed a data driven technique to generate attack...

ghostscript security update

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Ghostscript suite contains utilities for rendering PostScript and PDF...

Thermal-Aware 3D Design for Side-Channel Information Leakage

Side-channel attacks are important security challenges as they reveal sensitive information about on-chip activities. Among such attacks, the thermal side-channel has been shown to disclose the activities of key functional blocks and even encryption keys. This paper proposes a novel approach to...

MAL-2025-6214 Malicious code in ecinc-cloud-moaxmpp (npm)

Package exhibits multiple malicious behaviors: Office doc access/encryption, DB interaction, local storage clearing, arbitrary code execution, /dev/shm ref. The code includes a native bridge that allows it to execute arbitrary SQL queries on a mobile device’s database when used within a specific...

Qualcomm Chipsets 资源管理错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A resource management error vulnerability exists in Qualcomm Chipsets, which arises from a memory corruption that occurs when processing the TESTPATTERNCONFIG escape path...