Lucene search
K

190 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010263

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by craftin...

9.8CVSS8.4AI score0.01301EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-48566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable...

5.9CVSS6.7AI score0.01148EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/14 3:49 p.m.16 views

CVE-2025-54864

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...

7.5CVSS7AI score0.00359EPSS
Exploits0References1
NVD
NVD
added 2025/08/12 4:15 p.m.29 views

CVE-2025-54864

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...

7.5CVSS0.00359EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 1:52 p.m.5 views

BIT-LIBPYTHON-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

5.9CVSS7.1AI score0.01148EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-42255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpmbufcheckhmacresponse Dereference auth after NULL...

5.5CVSS5.7AI score0.00183EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/31 8:42 p.m.6 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the HMAC and RSA key lengths used in the JSON Web Signature JWS implementation not meeting recommended security standards. Remediation Upgrade pyjwt to version 2.11.0 or higher. References - GitHub...

7CVSS5.8AI score0.0016EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/07/23 12:0 a.m.1 views

NIST Post-Quantum Cryptography Standard Algorithms Based on Quantum Random Number Generators

In recent years, the advancement of quantum computing technology has posed potential security threats to RSA cryptography and elliptic curve cryptography. In response, the National Institute of Standards and Technology NIST published several Federal Information Processing Standards FIPS of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/20 12:0 a.m.2 views

Quantum Skyshield: Quantum Key Distribution and Post-Quantum Authentication for Low-Altitude Wireless Networks in Adverse Skies

Recently, low-altitude wireless networks LAWNs have emerged as a critical backbone for supporting the low-altitude economy, particularly with the densification of unmanned aerial vehicles UAVs and high-altitude platforms HAPs. To meet growing data demands, some LAWN deployments incorporate...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/23 12:0 a.m.3 views

A Comparative Study and Implementation of Key Derivation Functions Standardized by NIST and IEEE

Since many applications and services require pseudorandom numbers PRNs, it is feasible to generate specific PRNs under given key values and input messages using Key Derivation Functions KDFs. These KDFs are primarily constructed based on Message Authentication Codes MACs, where the MAC serves as ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/22 12:0 a.m.5 views

Technical Evaluation of a Disruptive Approach in Homomorphic AI

We present a technical evaluation of a new, disruptive cryptographic approach to data security, known as HbHAI Hash-based Homomorphic Artificial Intelligence. HbHAI is based on a novel class of key-dependent hash functions that naturally preserve most similarity properties, most AI algorithms rel...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:4 a.m.6 views

CVE-2023-22334

Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...

5.3CVSS6.8AI score0.00879EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.7 views

python3.11 bug fix update

An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

7.2AI score
Exploits0
OSV
OSV
added 2025/05/03 4:15 p.m.6 views

AZL-61673 CVE-2024-58134 affecting package perl-Mojolicious 8.57-3

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...

8.1CVSS5.7AI score0.00459EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/04/21 12:0 a.m.5 views

AESHA3: Efficient and Secure Sub-Key Generation for AES Using SHA-3

Advanced Encryption Standard AES is one of the most widely used symmetric cipher for the confidentiality of data. Also it is used for other security services, viz. integrity, authentication and key establishment. However, recently, authors have shown some weakness in the generation of sub-keys in...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/18 12:0 a.m.5 views

Post Quantum Cryptography (PQC) Signatures without Trapdoors

Some of our current public key methods use a trap door to implement digital signature methods. This includes the RSA method, which uses Fermat's little theorem to support the creation and verification of a digital signature. The problem with a back-door is that the actual trap-door method could, ...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/18 12:0 a.m.4 views

Complexity of Post-Quantum Cryptography in Embedded Systems and Its Optimization Strategies

With the rapid advancements in quantum computing, traditional cryptographic schemes like Rivest-Shamir-Adleman RSA and elliptic curve cryptography ECC are becoming vulnerable, necessitating the development of quantum-resistant algorithms. The National Institute of Standards and Technology NIST ha...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/15 12:0 a.m.4 views

From Cyber Threat to Data Shield: Constructing Provably Secure File Erasure with Repurposed Ransomware Cryptography

Ransomware has emerged as a persistent cybersecurity threat,leveraging robust encryption schemes that often remain unbroken even after public disclosure of source code. Motivated by the technical resilience of such mechanisms, this paper presents SEER Secure and Efficient Encryption-based Erasure...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

ChuanhuChatGPT 代码问题漏洞

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A server-side request forgery vulnerability exists in ChuanhuChatGPT version 20240914, which stems from a vulnerability that allows a respons...

6.5CVSS6.8AI score0.00454EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/09/18 11:46 a.m.8 views

kernel: ipv6: sr: fix out-of-bounds read when setting HMAC data.

An out-of-bounds read flaw was found when setting HMAC data in net/ipv6/seg6.c in the Linux kernel. This issue may lead to a crash...

5.5CVSS7.2AI score0.00242EPSS
Exploits0References5
Rows per page
Query Builder