55 matches found

Packet Storm News
added 2026/05/21 12:0 a.m. · 5 views

Practical Countermeasure against Attacks Exploiting Detection Efficiency Mismatch in Quantum Key Distribution

We demonstrate a practical countermeasure against a well-known class of attacks on quantum key distribution (QKD) systems that exploit detection efficiency mismatch, where the receiver's detectors do not exhibit identical responses to incoming photons across all degrees of freedom. This class of...

5.8 AI score
Exploits: 0
OSV
added 2025/11/21 3:59 p.m. · 2 views

JLSEC-2025-206 An issue was discovered in Arm Mbed TLS before 2.23.0

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator...

7.5 CVSS · 6.9 AI score · 0.00663 EPSS
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2001-1362

Malware in sbrugna...

5 CVSS · 8 AI score · 0.01454 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-3341

Malicious code in bioql PyPI...

5 CVSS · 5 AI score · 0.01959 EPSS
Exploits: 0 · References: 42
RedhatCVE
added 2025/05/22 5:37 p.m. · 5 views

CVE-2020-36423

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator...

7.5 CVSS · 6.8 AI score · 0.00663 EPSS
Exploits: 0
The Hacker News
added 2024/08/13 2:2 p.m. · 30 views

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability h...

7.5 CVSS · 8.2 AI score · 0.00032 EPSS
Exploits: 0
RedHat Linux
added 2024/06/05 2:47 p.m. · 2 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9 CVSS · 6.7 AI score · 0.52998 EPSS
Exploits: 4 · References: 6
RedHat Linux
added 2024/01/30 2:59 p.m. · 2 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9 CVSS · 6.6 AI score · 0.52998 EPSS
Exploits: 4 · References: 6
Japan Vulnerability Notes
added 2023/08/29 6:55 a.m. · 2 views

Vulnerability in HiRDB

Overview: A vulnerability (CVE-2023-1995) exists in HiRDB. Impact: Some audit logs may not be retrieved. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5 CVSS · 6.8 AI score · 0.00211 EPSS
Exploits: 0 · References: 4
Code423n4
added 2023/07/31 12:0 a.m. · 12 views

First Depositor Attack is possible by front-running mip00 script execution

Lines of code Vulnerability details Overview The First Depositor Attack Within the context of Compound v2, a First Depositor Attack occurs when an attacker becomes the inaugural minter of a cToken. This enables them to establish the first exchange rate between the underlying asset and the cToken...

7 AI score
Exploits: 0
Japan Vulnerability Notes
added 2023/07/19 5:48 a.m. · 1 views

Multiple Vulnerabilities in Hitachi Device Manager

Overview: Multiple vulnerabilities have been found in Hitachi Device Manager. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

9 CVSS · 7 AI score · 0.00133 EPSS
Exploits: 0 · References: 6
Japan Vulnerability Notes
added 2022/09/14 2:34 a.m. · 2 views

DoS Vulnerability in uCosminexus TP1/Client/J and Cosminexus Service Coordinator

Overview: A DoS vulnerability has been found in uCosminexus TP1/Client/J and Cosminexus Service Coordinator. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take...

6.8 AI score
Exploits: 0 · References: 2
Prion
added 2021/07/19 5:15 p.m. · 18 views

Design/Logic Flaw

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator...

5 CVSS · 7.5 AI score · 0.00663 EPSS
Exploits: 0 · References: 4 · Affected Software: 2
UbuntuCve
added 2021/07/19 5:15 p.m. · 26 views

CVE-2020-36423

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator...

7.5 CVSS · 7.1 AI score · 0.00663 EPSS
Exploits: 0 · References: 4
Cvelist
added 2021/07/19 12:0 a.m. · 22 views

CVE-2020-36423

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator...

8.5 AI score · 0.00663 EPSS
Exploits: 0 · References: 4
CVE
added 2021/07/19 12:0 a.m. · 66 views

CVE-2020-36423

CVE-2020-36423 affects Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext due to a Lucky 13 timing side-channel not properly handling the case of a hardware accelerator. This is documented in multiple sources referencing Mbed TLS 2.23.0 fixes. Impact is plaintext exposure via net...

7.5 CVSS · 7.7 AI score · 0.00663 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Japan Vulnerability Notes
added 2021/04/13 7:42 a.m. · 1 views

Vulnerability in JP1/VERITAS

Overview: A vulnerability exists in JP1/VERITAS. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.8 AI score
Exploits: 0 · References: 3
Japan Vulnerability Notes
added 2021/02/01 7:49 a.m. · 1 views

Vulnerability in JP1/VERITAS

Overview: A vulnerability exists in JP1/VERITAS. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.9 AI score
Exploits: 0 · References: 4
Friends Of PHP
added 2020/11/20 12:0 a.m. · 21 views

Potential file overwrite if archive filename starts with file://

I have submitted this to the PEAR bug tracker as well as the PEAR group mailing list, and I'm not sure if either has gone through, so opening an issue here with the hope that this is the right place for it. While auditing a separate application which uses ArchiveTar internally, I found that...

7.8 CVSS · 7.8 AI score · 0.93364 EPSS
Exploits: 4 · Affected Software: 1
Positive Technologies
added 2020/07/02 12:0 a.m. · 4 views

PT-2021-6717 · Arm +2 · Mbed Tls +2

Name of the Vulnerable Software and Affected Versions: Arm Mbed TLS versions prior to 2.23.0 Description: A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator. This issue is related to the implementation of...

9.8 CVSS · 5.7 AI score · 0.02049 EPSS
Exploits: 6 · References: 59