Lucene search
K

12 matches found

RustSec
RustSec
added 2026/03/19 12:0 p.m.10 views

`unpack_in` can chmod arbitrary directories by following symlinks

In versions 0.4.44 and below of tar-rs, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadatafs-metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball containing a symlink entry followed by a...

6.5CVSS5.8AI score0.00379EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-47232

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00413EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-27001

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00617EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:31 a.m.13 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

4.2CVSS6.9AI score0.00329EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:1 a.m.7 views

CVE-2023-42806

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsfcid$ allows an attacker which must be a participant of this head to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...

6.5CVSS6.8AI score0.00413EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2023/10/10 11:9 a.m.10 views

Model Extraction Attack on Neural Networks

Adi Shamir et al. have a new model extraction attack on neural networks: Polynomial Time Cryptanalytic Extraction of Neural Network Models Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks DNNs for a variety of tasks. Thus, it is essential ...

6.9AI score
Exploits0
NVD
NVD
added 2023/09/21 5:15 p.m.12 views

CVE-2023-42806

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsfcid$ allows an attacker which must be a participant of this head to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...

6.5CVSS6.4AI score0.00413EPSS
Exploits0References4
CVE
CVE
added 2023/09/21 4:45 p.m.42 views

CVE-2023-42806

Hydra (Cardano) prior to v0.13.0 has a vulnerability where not signing/verifying the cid allows a participant to reuse a snapshot from an old head to close the head or contest state with the same participants. This can cause incorrect value distribution (value extraction) or prevent finalization ...

6.5CVSS6.4AI score0.00413EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/21 4:45 p.m.9 views

CVE-2023-42806 Snapshot signature not including HeadID will allow replay attacks

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsfcid$ allows an attacker which must be a participant of this head to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...

6.5CVSS6.8AI score0.00413EPSS
Exploits0References4
OSV
OSV
added 2023/09/21 4:45 p.m.24 views

CVE-2023-42806 Snapshot signature not including HeadID will allow replay attacks

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsfcid$ allows an attacker which must be a participant of this head to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...

6.5CVSS6.4AI score0.00413EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2015/08/05 12:0 a.m.43 views

Amazon Linux AMI : libgcrypt (ALAS-2015-577)

Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. CVE-2015-0837 Fix a side-channel attack which can potentially lead to an information leak. CVE-2014-3591 Libgcrypt before 1.5.4, as used in GnuPG and other...

5.9CVSS6.1AI score0.01952EPSS
Exploits0References5
OSV
OSV
added 2014/10/10 1:55 a.m.6 views

CVE-2014-5270

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed...

5.7AI score
Exploits0References7
Rows per page
Query Builder