42 matches found
com.farao-community.farao:csa-runner-api (>=1.3.1 <=2.6.1), com.farao-community.farao:csa-runner-app (>=1.3.1 <=2.6.1) +97 more potentially affected by CVE-2025-48059 via com.powsybl:powsybl-iidm-criteria (>=6.3.0 <=6.7.1)
com.powsybl:powsybl-iidm-criteria MAVEN version =6.3.0, =1.3.1, =1.3.1, =1.18.0, =1.18.0, =1.4.0, =1.6.0, =1.12.0, =1.27.0, =1.27.0, =1.27.0, =1.27.0, =1.27.0, =1.24.0, =1.6.2, =1.13.0 and more Source cves: CVE-2025-48059 Source advisory:...
Mitigating Data Poisoning Attacks to Local Differential Privacy
The distributed nature of local differential privacy (LDP) invites data poisoning attacks and poses unforeseen threats to the underlying LDP-supported applications. In this paper, we propose a comprehensive mitigation framework for popular frequency estimation, which contains a suite of novel...
TeleSparse: Practical Privacy-Preserving Verification of Deep Neural Networks
Verification of the integrity of deep learning inference is crucial for understanding whether a model is being applied correctly. However, such verification typically requires access to model weights and potentially sensitive or private training data. So-called Zero-knowledge Succinct...
Quantum Opacity, Classical Clarity: a Hybrid Approach to Quantum Circuit Obfuscation
Quantum computing leverages quantum mechanics to achieve computational advantages over classical hardware, but the use of third-party quantum compilers in the Noisy Intermediate-Scale Quantum (NISQ) era introduces risks of intellectual property (IP) exposure. We address this by proposing a novel...
kernel: modpost: fix off by one in is_executable_section()
A flaw exists in the Linux kernel’s module post-processing component, in the function is_executable_section(). Due to an off-by-one error using instead of =, the code may perform an out-of-bounds array access...
SUSE CVE-2024-47868
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
PYSEC-2024-217
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
Directory Traversal
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Directory Traversal through the post-processing step. An attacker can expose sensitive files by crafting requests that bypass expected input...
Log Injection
flask-cors is vulnerable to Log Injection when the log level is set to debug. The vulnerability is due to improper output neutralization for logs within extension.py. This allows attackers to insert fake log entries through specially crafted GET requests containing CRLF sequences in the request...
PrusaSlicer 2.6.1 Arbitrary Code Execution
Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Date: 16/01/2024 Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and...
PrusaSlicer 2.6.1 - Arbitrary code execution Vulnerability
Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and Linux CVE:...
Debian dla-3178 : ffmpeg - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3178 advisory. Debian LTS Advisory DLA-3178-1 https://www.debian.org/lts/security/...
CVE-2016-1579 UDM doesn't check for confinement before running post-processing commands
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UD...
SUSE-SU-2017:2175-1 Security update for java-1_8_0-openjdk
This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues: Security issues fixed: - CVE-2017-10053: Improved image post-processing steps bsc1049305 - CVE-2017-10067: Additional jar validation steps bsc1049306 - CVE-2017-10074: Image conversion improvements bsc10493...
[SECURITY] Fedora 26 Update: gstreamer1-vaapi-1.12.0-1.fc26
A collection of GStreamer plugins to let you make use of VA API video acceleration from GStreamer applications. Includes elements for video decoding, display, encoding and post-processing using VA API subject to hardware limitations...
IBM UrbanCode Deploy Multiple Vulnerabilities
IBM UrbanCode Deploy is prone to multiple vulnerabilities.
Parse Various Log Files: Plaso
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines. The goal of log2timeline and thus plaso is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network...
kernel: pty layer race condition leading to memory corruption
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition...