LLMs in Code Vulnerability Analysis: A Proof of Concept

Context: Traditional software security analysis methods struggle to keep pace with the scale and complexity of modern codebases, requiring intelligent automation to detect, assess, and remediate vulnerabilities more efficiently and accurately. Objective: This paper explores the incorporation of...

An Empirical Evaluation of LLM-Based Approaches for Code Vulnerability Detection: RAG, SFT, and Dual-Agent Systems

The rapid advancement of Large Language Models LLMs presents new opportunities for automated software vulnerability detection, a crucial task in securing modern codebases. This paper presents a comparative study on the effectiveness of LLM-based techniques for detecting software vulnerabilities...

Updated apache packages fix security vulnerabilities

Apache has been updated to version 2.4.58 to fix several security issues. CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST cve.mitre.org When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were n...

Caucho Resin Path Traversal Vulnerability (CVE-2004-0281) - Active Check

Caucho Resin is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:caucho:resin";...

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2021:1092-1 Rating: important References: 1188045 1188105 1188535 1188536 1188537 1188538 Cross-References: CVE-2021-2409 CVE-2021-2442 CVE-2021-2443 CVE-2021-2454 CVSS scores: CVE-2021-2409 NVD : 8.2...

SUSE: Security Advisory (SUSE-SU-2020:3611-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3615-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3612-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:3051-1)

This update for xen fixes the following issues : bsc1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries XSA-286 bsc1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code XSA-345 bsc1177413 - VUL-0: CVE-2020-27671: xen: undue deferra...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:3049-1)

This update for xen fixes the following issues : bsc1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries XSA-286 bsc1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code XSA-345 bsc1177413 - VUL-0: CVE-2020-27671: xen: undue deferra...

Canon MF210/MF220 Series Printers Access Bypass Vulnerability (Apr 2018)

Canon MF210/MF220 Series Printers are prone to an access bypass vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program ...

Samba 3.0.0 <= 3.0.25rc3 MS-RPC Remote Shell Command Execution Vulnerability - Active Check

Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Security update for xen (important)

xen was updated to fix 12 security issues. These security issues were fixed: - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vcp...

D-Link DNS Devices Authentication Bypass Vulnerability

Authentication bypass vulnerability in D-Link DNS devices. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX = "cpe:/o:dlink";...

Free FAQ 1.0 Index.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20621/info Free Faq is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit of this issue allows an attacker to execute arbitrary server-side script...

openSUSE Security Update : xen-201107 (openSUSE-SU-2011:0941-1)

Security / Collective Update for Xen Xen : - bnc702025 - VUL-0: xen: VT-d PCI passthrough MSI trap injection CVE-2011-1898 - bnc703924 - update block-npiv scripts to support BFA HBA - bnc689954 - L3: Live migrations fail when guest crashes: domaincrashsync called from entry.S - bnc693472 - Bridge...

ZTE F460/F660 Backdoor Unauthorized Access Vulnerability (Mar 2014) - Active Check

ZTE F460/F660 cable modem devices are prone to an unauthorized access vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

PostgreSQL No Password Protection (PostgreSQL Protocol)

It was possible to login into the remote PostgreSQL as user SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql...

PineApp Mail-SeCure 'test_li_connection.php' Remote Command Injection Vulnerability

The remote PineApp Mail-SeCure is prone to a remote command-injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

Elastix < 2.4 PHP Code Injection Vulnerability

Elastix is prone to a PHP code injection vulnerability because it fails to properly sanitize user-supplied input. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...