206 matches found
PRACtical: Subarray-Level Counter Update and Bank-Level Recovery Isolation for Efficient PRAC Rowhammer Mitigation
As DRAM density increases, Rowhammer becomes more severe due to heightened charge leakage, reducing the number of activations needed to induce bit flips. The DDR5 standard addresses this threat with in-DRAM per-row activation counters (PRAC) and the Alert Back-Off (ABO) signal to trigger mitigation...
CVE-2025-52964
A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts...
Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK Security Vulnerability
Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK is a software development kit from Texas Instruments, USA. A security vulnerability exists in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK version 7.41.00.17, which originates from a denial of service due to the sending of a...
November 21, 2024—KB5046740 (OS Build 26100.2454) Preview
November 21, 2024—KB5046740 (OS Build 26100.2454) Preview. 11/12/24 IMPORTANT: Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2024. There will be a monthly security release for December 2024...
The vulnerability of the Bluetooth Low Energy (BLE) technology in tool sets and libraries for setting up wireless connections provided by Cypress’ Bluetooth SDK allows an intruder to trigger a service failure.
The vulnerability of the Bluetooth Low Energy (BLE) technology, as well as the toolkits and libraries for configuring wireless connections in Cypress’ Bluetooth SDK, is related to the issue where an operation goes beyond the buffer boundaries in memory when processing the Length field of the Data...
Cypress Bluetooth SDK Security Vulnerability
Cypress Bluetooth SDK is a Bluetooth software development package from Cypress. A security vulnerability exists in Cypress Bluetooth SDK version v3.66, which originates from an attacker being able to trigger a denial of service (DoS) by providing a carefully crafted LL_PAUSE_ENC_REQ packet...
WordPress Contact Form 7 Telegram plugin <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse vulnerability
Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse vulnerability discovered by István Márton in WordPress Plugin Contact Form 7 Telegram versions <= 0.8.5...
AZL-50730 CVE-2024-47673 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped. Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING. bad state = 0 WARNING: CPU: 2 PID: 17434 at...
CVE-2024-47673 wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped. Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING. bad state = 0 WARNING: CPU: 2 PID: 17434 at...
PT-2024-7671 · Cypress · Cypress Bluetooth Sdk
Name of the Vulnerable Software and Affected Versions: Cypress Bluetooth SDK version 3.66. Description: The issue is related to a buffer overflow in the memory when handling the data header length field of the LL Pause Enc Req, which is part of the Bluetooth Low Energy (BLE) technology. This can be...
Oracle Linux 8 : kernel (ELSA-2024-7000)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-7000 advisory. - wifi: mac80211: Avoid address calculations via out of bounds array indexing Michal Schmidt RHEL-51278 CVE-2024-41071 - protect the fetch of -fdfd in...
Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts
Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that U.K...
CVE-2024-6621
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprssactivatefeedsource' and 'wprsspausefeedsource' functions in all versions up to, and including, 4.23.11...
CVE-2024-6621 WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprssactivatefeedsource' and 'wprsspausefeedsource' functions in all versions up to, and including, 4.23.11...
Pause off my cluster: DERO cryptojacking takes a new shape
Learn how the threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques to evade detection, and the best practices for mitigation...
[SECURITY] Fedora 39 Update: rust-uu_sleep-0.0.23-3.fc39
sleep uutils pause for DURATION...
PT-2024-40355 · Packagist · Typo3/Cms
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns a brute force protection mechanism in the backend login system. This mechanism pauses for 5 seconds when incorrect credentials are provided. However, it is possible to...
Fedora: Security Advisory for rust-uu_sleep (FEDORA-2024-ce2936b568)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
BIT-GITLAB-2020-13350
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are =13.5.0, =13.4.0, 13.4.5,13.3.9...
openSUSE: Security Advisory for catatonit, containerd, runc (SUSE-SU-2023:4727-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...