Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a divide-by-zero error in the calclcoefs function...

Cross-LLM Generalization of Behavioral Backdoor Detection in AI Agent Supply Chains

As AI agents become integral to enterprise workflows, their reliance on shared tool libraries and pre-trained components creates significant supply chain vulnerabilities. While previous work has demonstrated behavioral backdoor detection within individual LLM architectures, the critical question ...

Smartphone User Fingerprinting on Wireless Traffic

Due to the openness of the wireless medium, smartphone users are susceptible to user privacy attacks, where user privacy information is inferred from encrypted Wi-Fi wireless traffic. Existing attacks are limited to recognizing mobile apps and their actions and cannot infer the smartphone user...

An Ethically Grounded LLM-Based Approach to Insider Threat Synthesis and Detection

Insider threats are a growing organizational problem due to the complexity of identifying their technical and behavioral elements. A large research body is dedicated to the study of insider threats from technological, psychological, and educational perspectives. However, research in this domain h...

PP-STAT: an Efficient Privacy-Preserving Statistical Analysis Framework Using Homomorphic Encryption

With the widespread adoption of cloud computing, the need for outsourcing statistical analysis to third-party platforms is growing rapidly. However, handling sensitive data such as medical records and financial information in cloud environments raises serious privacy concerns. In this paper, we...

Information-Theoretic Estimation of the Risk of Privacy Leaks

Recent work\citeLiu2016 has shown that dependencies between items in a dataset can lead to privacy leaks. We extend this concept to privacy-preserving transformations, considering a broader set of dependencies captured by correlation metrics. Specifically, we measure the correlation between the...

AI-Based Vulnerability Analysis of NFT Smart Contracts

With the rapid growth of the NFT market, the security of smart contracts has become crucial. However, existing AI-based detection models for NFT contract vulnerabilities remain limited due to their complexity, while traditional manual methods are time-consuming and costly. This study proposes an...

PT-2024-40350 · Blahaj +1 · Blahaj +1

Name of the Vulnerable Software and Affected Versions: sharks crate affected versions not specified Description: The issue concerns a bias in generating random polynomials for Shamir Secret Sharing. Instead of coefficients being in the range 0, 255, they were in the range 1, 255. This allows an...

RUSTSEC-2024-0398 Bias of Polynomial Coefficients in Secret Sharing

Affected versions of this crate allowed for a bias when generating random polynomials for Shamir Secret Sharing, where instead of being within the range 0, 255 they were instead in the range 1, 255. A description from Cure53, who originally found the issue, is available: The correct method to...

DEBIAN-CVE-2024-41056

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Use strnlen on name fields in V1 wmfw files Use strnlen instead of strlen on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-terminated string in a fixed-size...

Incorrect calculation of totalSupply(), balanceOf() in rUSDY.sol if the rate is unlinked from $1

Lines of code Vulnerability details Impact In rUSDY.sol, the functions totalSupply, balanceOf are calculated. totalSupply : function totalSupply public view returns uint256 return totalShares oracle.getPrice / 1e18 BPSDENOMINATOR; balanceOf : function balanceOfaddress account public view returns...

Google Chrome FFmpeg Competitive Conditions Vulnerability

Google Chrome is an open source WEB browser. The 'updatedimensions' function in the libavcodec/vp8.c file of FFmpeg used by Google to perform multi-threaded operations relies on coefficient-partition counting, allowing remote attackers to build special WebM files for denial-of-service attacks...

Paper: NetFlow Data De-Anonymizes Tor Users

Tor Project leaders are trying to rein in concerns about an academic paper describing an end-to-end traffic correlation attack that could be used by a well-funded attacker such as a nation state to de-anonymize traffic on Tor. Executive director Roger Dingledine points out that the researchers...

CVE-2014-2098

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted WMA data...

Jumbotcms 6. x by injection by pass the backend certification authority-vulnerability warning-the black bar safety net

Jumbotcms is a widely used open source. NET CMS program, jumbotcms using Microsoft's recommended multi-layer security architecture, widely used, Safety coefficient is high. It appears the problem is mainly the new modified permissions to the authentication aspects and injection By injection to ge...

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability. CVE-2009-2408. Remote exploit for linux platform source: http://www.securityfocus.com/bid/35888/info Mozilla Network Security Services NSS is prone to a security-bypass vulnerability because it fails to proper...

BBSXP the latest vulnerability and the discovery process-vulnerability warning-the black bar safety net

Operating environment: Micromedia Dreamweaver 8.0+IIS 5.0+SQL Server 2 0 0 0+BBSXP 6.00 SP1 SQL Travel back to the days of work relatively easily, just as everyone presented a few days ago found BBSXP new vulnerability, the way to find the ASP program vulnerability method. See here you should thi...