122 matches found
EUVD-2024-54366
Malicious code in bioql PyPI...
EUVD-2022-6780
Malicious code in bioql PyPI...
EUVD-2023-25612
Malicious code in bioql PyPI...
EUVD-2022-52605
Malicious code in bioql PyPI...
CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely
Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...
A Formal Refutation of the Blockchain Trilemma
The so-called blockchain trilemma asserts the impossibility of simultaneously achieving scalability, security, and decentralisation within a single blockchain protocol. In this paper, we formally refute that proposition. Employing predicate logic, formal automata theory, computational complexity...
Quantum Enhanced Entropy Pool for Cryptographic Applications and Proofs
This paper investigates the integration of quantum randomness into Verifiable Random Functions VRFs using the Ed25519 elliptic curve to strengthen cryptographic security. By replacing traditional pseudorandom number generators with quantum entropy sources, we assess the impact on key security and...
Use Of Insufficiently Random Values
vantage6 is vulnerable to Use of Insufficiently Random Values. The vulnerability is due to insecure randomness of UUID1 for auto-generating JWT secret keys, which is partially predictable and not cryptographically secure...
TencentOS Server 3: libgcrypt (TSSA-2022:0129)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0129 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Vantage6 Server JWT secret not cryptographically secure
Impact The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent Patches No Workarounds You may define JWT secret key in the server configuration file...
CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...
CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...
PT-2025-25343 · Vantage6 · Vantage6
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.11.0 Description: The vantage6 server has a predictable JWT secret key generation issue. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This issue...
EarthOL: a Proof-Of-Human-Contribution Consensus Protocol -- Addressing Fundamental Challenges in Decentralized Value Assessment with Enhanced Verification and Security Mechanisms
This paper introduces EarthOL, a novel consensus protocol that attempts to replace computational waste in blockchain systems with verifiable human contributions within bounded domains. While recognizing the fundamental impossibility of universal value assessment, we propose a domain-restricted...
Fedora: Security Advisory (FEDORA-2024-7908ee39a9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-21617
Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1...
CVE-2013-2872
Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors...
Active Light Modulation to Counter Manipulation of Speech Visual Content
High-profile speech videos are prime targets for falsification, owing to their accessibility and influence. This work proposes Spotlight, a low-overhead and unobtrusive system for protecting live speech videos from visual falsification of speaker identity and lip and facial motion. Unlike...
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
Security update for perl-Data-Entropy (moderate)
openSUSE Security Update: Security update for perl-Data-Entropy Announcement ID: openSUSE-SU-2025:0123-1 Rating: moderate References: 1240395 Cross-References: CVE-2025-1860 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...