CVE-2022-50756

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was...

CVE-2022-50756 nvme-pci: fix mempool alloc size

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was...

Frequency Diverse (FD)-RIS-Enhanced Covert Communications: Defense against Wiretapping Via Joint Distance-Angle Beamforming

In response to the security blind zone challenges faced by traditional reconfigurable intelligent surface RIS-aided covert communication CC systems, the joint distance-angle beamforming capability of frequency diverse RIS FD-RIS shows significant potential for addressing these limitations...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989992)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989992 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglistrw This patch fixes a...

OESA-2025-2274 exiv2 security update

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: A vulnerability, which was classifie...

CVE-2025-58451

Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to excessive backtracking on crafted inputs. In turn, the excessive CPU usage could lead to resource...

OESA-2025-2116 exiv2 security update

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: A vulnerability, which was classifie...

Security update for python310

This update for python310 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Information-Theoretic Estimation of the Risk of Privacy Leaks

Recent work\citeLiu2016 has shown that dependencies between items in a dataset can lead to privacy leaks. We extend this concept to privacy-preserving transformations, considering a broader set of dependencies captured by correlation metrics. Specifically, we measure the correlation between the...

Mitigating Disparate Impact of Differentially Private Learning through Bounded Adaptive Clipping

Differential privacy DP has become an essential framework for privacy-preserving machine learning. Existing DP learning methods, however, often have disparate impacts on model predictions, e.g., for minority groups. Gradient clipping, which is often used in DP learning, can suppress larger...

Cryptography from Lossy Reductions: Towards OWFs from ETH, and Beyond

One-way functions OWFs form the foundation of modern cryptography, yet their unconditional existence remains a major open question. In this work, we study this question by exploring its relation to lossy reductions, i.e., reductions$R$ for which it holds that $IX;RX \ll n$ for all distributions$X...

openSUSE: Security Advisory for modsecurity (openSUSE-SU-2023:0257-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 ESM / 20.04 ESM : hosted-git-info vulnerability (USN-5216-1)

The remote Ubuntu 18.04 ESM / 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5216-1 advisory. It was discovered that hosted-git-info incorrectly handled certain inputs. A remote attacker could use this to cause a denial of service. Tenable has...

CVE-2022-39242

Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...

Frontier 安全漏洞

Frontier is an EtherCompatible layer for Substrate. It is used to run unmodified Ethernet Dapps. Frontier has a security vulnerability that stems from the fact that the worst-case weight is always used as the block weight for all cases...

iOS 16 Has 2 New Security Features for Worst-Case Scenarios

Safety Check and Lockdown Mode give people in vulnerable situations ways to quarantine themselves from acute risks...

GitLab: ReDoS in syntax highlighting due to Rouge

Summary Gitlab is using the ruby gem "rouge" which has a ReDoS vulnerability. In rouge, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have cubic worst-case complexity and are vulnerable to Regular Expression Denial of Service...

Regular Expression Denial Of Service (ReDoS)

path-parse is vulnerable to regular expression denial of service. An attacker is able to produce a denial of service condition in the application through worst-case time complexity via splitDeviceRe, splitTailRe and splitPathRe...

CVE-2021-23343 Regular Expression Denial of Service (ReDoS)

All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVE-2021-23362

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...