130 matches found
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the overly strict threshold for dirty page requirements during metadata write operations,...
SecureScan: An AI-Driven Multi-Layer Framework for Malware and Phishing Detection Using Logistic Regression and Threat Intelligence Integration
The growing sophistication of modern malware and phishing campaigns has diminished the effectiveness of traditional signature-based intrusion detection systems. This work presents SecureScan, an AI-driven, triple-layer detection framework that integrates logistic regression-based classification,...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
Toward Risk Thresholds for AI-Enabled Cyber Threats: Enhancing Decision-Making under Uncertainty with Bayesian Networks
Artificial intelligence AI is increasingly being used to augment and automate cyber operations, altering the scale, speed, and accessibility of malicious activity. These shifts raise urgent questions about when AI systems introduce unacceptable or intolerable cyber risk, and how risk thresholds...
DEBIAN-CVE-2026-23992
go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...
CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations
go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...
CVE-2026-23992
The CVE-2026-23992 entry concerns go-tuf (Go implementation of The Update Framework). It states that in versions 2.0.0 up to but not including 2.3.1, a compromised or misconfigured TUF repository could configure signature thresholds to 0, effectively disabling signature verification. This can all...
CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations
go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...
CVE-2026-23992
go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...
go-tuf improperly validates the configured threshold for delegations
Security Disclosure: Improper validation of configured threshold for delegations Summary A compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. Impact Unathorized modification to TUF metadata...
PT-2026-3904
Name of the Vulnerable Software and Affected Versions go-tuf versions 2.0.0 through 2.3.0 Description go-tuf, a Go implementation of The Update Framework TUF, is susceptible to a condition where a compromised or misconfigured repository can have signature thresholds set to 0. This effectively...
CVE-2017-18703
Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before...
Decision-Aware Trust Signal Alignment for SOC Alert Triage
Detection systems that utilize machine learning are progressively implemented at Security Operations Centers SOCs to help an analyst to filter through high volumes of security alerts. Practically, such systems tend to reveal probabilistic results or confidence scores which are ill-calibrated and...
CVE-2025-62002
BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single possibly large file without triggering detection if thresholds are configured to require multiple file changes. The number of files to trigger detection ca...
CVE-2025-62002
BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single possibly large file without triggering detection if thresholds are configured to require multiple file changes. The number of files to trigger detection ca...
firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...
CVE-2025-40288
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms and other scenarios with uninitialized VRAM managers triggered a NULL pointer dereference in ttmresourcemanagerusage. The root cause...
firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...
TencentOS Server 3: firefox (TSSA-2025:0809)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0809 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
thunderbird: firefox: Some non-writable Object properties could be modified
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...