19 matches found
Cryptographic Choreographies
We present CryptoChoreo, a choreography language for the specification of cryptographic protocols. Choreographies can be regarded as an extension of Alice-and-Bob notation, providing an intuitive high-level view of the protocol as a whole rather than specifying each protocol role in isolation. Th...
EUVD-2013-4465
Malware in sbrugna...
FreeBSD : liboqs -- Secret-dependent branching in HQC (aeac223e-60e1-11f0-8baa-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the aeac223e-60e1-11f0-8baa-8447094a420f advisory. The OpenQuantumSafe project reports: Secret-dependent branching in HQC reference implementation when...
CVE-2025-52473 liboqs secret-dependent branching in HQC reference implementation when compiled with Clang 17-20
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels...
CVE-2025-52473
CVE-2025-52473 affects the liboqs HQC KEM reference implementation. When compiled with Clang at optimization levels above -O0, the code contains secret-dependent branches that enable a proof-of-concept local attack to recover the entire secret key. The vulnerability is fixed in version 0.14.0. Im...
liboqs -- Secret-dependent branching in HQC
The OpenQuantumSafe project reports: Secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 for optimizations above -O0...
CLSA-2025-1749479602 gnutls: Fix of 3 CVEs
Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side...
Efficient Preimage Approximation for Neural Network Certification
The growing reliance on artificial intelligence in safety- and security-critical applications demands effective neural network certification. A challenging real-world use case is certification against patch attacks'', where adversarial patches or lighting conditions obscure parts of images, for...
CLSA-2024-1710184399 gnutls: Fix of 3 CVEs
Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side...
CLSA-2024-1708029490 gnutls: Fix of 3 CVEs
Add CVE-2024-0567 PoC test - Remove src.rpm from sources - CVE-2023-5981: removes branching that depends on secret data to prevent potential side-channel attack - CVE-2024-0553: minimize branching after decryption...
CLSA-2024-1708029216 gnutls: Fix of 3 CVEs
Add CVE-2024-0567 PoC test - Remove src.rpm from sources - CVE-2023-5981: removes branching that depends on secret data to prevent potential side-channel attack - CVE-2024-0553: minimize branching after decryption...
[SECURITY] Fedora 36 Update: git-octopus-2.0-0.4.beta.3.fc36.13
The continuous merge workflow is meant for continuous integration/delivery and is based on feature branching. git-octopus provides git commands to implement it...
Fedora: Security Advisory for git-octopus (FEDORA-2022-3e1ade35db)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: git-octopus-2.0-0.4.beta.3.fc35.12
The continuous merge workflow is meant for continuous integration/delivery and is based on feature branching. git-octopus provides git commands to implement it...
[SECURITY] Fedora 36 Update: git-octopus-2.0-0.4.beta.3.fc36.12
The continuous merge workflow is meant for continuous integration/delivery and is based on feature branching. git-octopus provides git commands to implement it...
CVE-2018-9056
BranchScope is a new class of attack which leverages functioning of the Branch Prediction Unit BPU of a processor to infer/leak sensitive process information, which is involved in the branch decision making if x x ^ y; else x & y;. In this, BranchScope side-channel could help to infer 'x', by...
CVE-2017-14539
IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image0000000000400000+0x000000000011d767."...
openSUSE Security Update : osc (openSUSE-SU-2012:0400-1)
This update of osc to 0.134.1 provides the following changes : - adding unlock command - maintenanceincident requests get created with source revision of package - Enables new maintenance submissions for new OBS 2.3 maintenance model - Fixes srcmd5 revisions in submit request, when link target !=...
Design/Logic Flaw
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via 1 the Online Designer or 2 the Data Dictionary upload, as demonstrated by an eval call...