
46 matches found

Vulnrichment
added 2026/06/10 12:33 a.m. | 7 views

CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals...

CVSS: 9.3 | AI score: 5.3 | EPSS: 0.00126
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2023-53522

Malicious code in bioql PyPI...

CVSS: 8.6 | AI score: 6.6 | EPSS: 0.00179
Exploits: 0 | References: 1

SUSE CVE
added 2025/09/26 11:23 p.m. | 2 views

SUSE CVE-2025-59354

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00152
Exploits: 0 | References: 2

Packet Storm News
added 2025/08/11 12:0 a.m. | 5 views

A Comparative Analysis of Lightweight Hash Functions Using AVR ATXMega128 and ChipWhisperer

Lightweight hash functions have become important building blocks for security in embedded and IoT systems. A plethora of algorithms have been proposed and standardized, providing a wide range of performance trade-off options for developers to choose from. This paper presents a comparative analysi...

AI score: 7.1
Exploits: 0

Packet Storm News
added 2025/06/25 12:0 a.m. | 4 views

Don't Hash Me Like That: Exposing and Mitigating Hash-Induced Unfairness in Local Differential Privacy

Local differential privacy (LDP) has become a widely accepted framework for privacy-preserving data collection. In LDP, many protocols rely on hash functions to implement user-side encoding and perturbation. However, the security and privacy implications of hash function selection have not been...

AI score: 6.8
Exploits: 0

CVE
added 2025/02/27 2:7 a.m. | 121 views

CVE-2024-57982

CVE-2024-57982 — Linux kernel xfrm state lookup: A race between lookup and hash table resizing could observe an hmask value too large for the new hashtable, enabling an out-of-bounds read in xfrm_state_lookup_byaddr() during lookup. The fix prefetches net->xfrm.state_hmask and associated poin...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.00217
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2025/01/30 7:28 p.m. | 7 views

Soundness issue with Plonky2 look up tables

Impact: Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) = 0 for any lookup table f (unless its length happens to be divisible by 26). The cause of problem is that the...

CVSS: 8.6 | AI score: 6.6 | EPSS: 0.00296
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/09/30 7:7 a.m. | 10 views

CVE-2024-8452 PLANET Technology switch devices - Insecure hash functions used for SNMPv3 credentials

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00174
Exploits: 0 | References: 2

Cvelist
added 2024/09/30 7:7 a.m. | 13 views

CVE-2024-8452 PLANET Technology switch devices - Insecure hash functions used for SNMPv3 credentials

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially...

CVSS: 7.5 | EPSS: 0.00174
Exploits: 0 | References: 2

Kitploit
added 2024/03/17 11:30 a.m. | 28 views

mapXplore - Allow Exporting The Information Downloaded With Sqlmap To A Relational Database Like Postgres And Sqlite

mapXplore is a modular application that imports data extracted of the sqlmap to PostgreSQL or SQLite database. Its main features are: Import of information extracted from sqlmap to PostgreSQL or SQLite for subsequent querying. Sanitized information, which means that at the time of import, it...

AI score: 6.9
Exploits: 0 | References: 4

RedHat Linux
added 2023/03/14 1:57 p.m. | 68 views

Important: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.59501
Exploits: 0 | References: 20

Kitploit
added 2022/11/05 11:30 a.m. | 22 views

Prefetch-Hash-Cracker - A Small Util To Brute-Force Prefetch Hashes

Motivation: During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file. While its content may not be recoverable, the filename itself is often enough to find the full path of the executable for which the prefetch file was created. Using the tool: The followi...

AI score: 7
Exploits: 0 | References: 2

The Hacker News
added 2022/07/06 5:19 p.m. | 41 views

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has chosen the first set of quantum-resistant encryption algorithms that are designed to "withstand the assault of a future quantum computer." The post-quantum cryptography (PQC) technologies include the...

Exploits: 0

The Hacker News
added 2021/04/26 11:3 a.m. | 69 views

Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – ev...

AI score: 0.7
Exploits: 0

BDU FSTEC
added 2019/03/12 12:0 a.m. | 3 views

The vulnerability of the component for integrating various authentication methods in the Astra Linux operating system arises from the use of unstable cryptographic hash functions for storing Unix passwords. This allows a hacker to gain unauthorized access to the system.

The vulnerability of the component for integrating various authentication methods in the Astra Linux operating system is related to the use of unstable cryptographic hash functions for storing Unix passwords. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the...

CVSS: 6.4 | AI score: 5.4
Exploits: 0 | References: 1

Fedora
added 2018/07/20 5:0 p.m. | 40 views

[SECURITY] Fedora 27 Update: libtomcrypt-1.18.2-1.fc27

A comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. Designed from the ground...

CVSS: 6.5 | AI score: 1.2 | EPSS: 0.19295
Exploits: 1

Fedora
added 2018/07/19 6:6 p.m. | 53 views

[SECURITY] Fedora 28 Update: libtomcrypt-1.18.2-1.fc28

A comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. Designed from the ground...

CVSS: 6.5 | AI score: 1.2 | EPSS: 0.19295
Exploits: 1

Malwarebytes
added 2018/03/30 3:0 p.m. | 62 views

TLS 1.3 is nearly here

TLS stands for "Transport Layer Security" and it's rather important. Why's that? Oh, I'm glad you asked. Here's me, yelling my password across the office to you: "PASSWORD!!!" You heard me loud and clear, right? But so did basically anyone else nearby. Now let's work in a little TLS love and...

AI score: 7
Exploits: 0

Fedora
added 2018/03/06 5:34 p.m. | 28 views

[SECURITY] Fedora 26 Update: python-crypto-2.6.1-22.fc26

PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.)...

CVSS: 7.5 | AI score: 2.3 | EPSS: 0.0211
Exploits: 1

Fedora
added 2018/02/27 5:31 p.m. | 38 views

[SECURITY] Fedora 27 Update: python-crypto-2.6.1-22.fc27

PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.)...

CVSS: 7.5 | AI score: 2.3 | EPSS: 0.0211
Exploits: 1