PT-2024-39146 · WordPress · The Kb Support – Wordpress Help Desk/Knowledge Base

Name of the Vulnerable Software and Affected Versions: The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress versions up to, and including, 1.6.6 Description: The issue allows unauthorized access and modification of data due to a missing capability check on the kbs ajax loa...

NIST Recommends Some Common-Sense Password Rules

NIST's second draft of its "SP 800-63-4"--its digital identify guidelines--finally contains some really good rules about passwords: The following requirements apply to passwords: 1. lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require...

GO-2024-3123 Commitments to private witnesses in Groth16 as implemented break zero-knowledge property in github.com/consensys/gnark

Commitments to private witnesses in Groth16 as implemented break zero-knowledge property in github.com/consensys/gnark...

2024-09 Cumulative Update for Microsoft server operating system, version 22H2 for x64-based Systems (KB5042881)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

2024-09 Dynamic Cumulative Update for Windows 11 for x64-based Systems (KB5043067)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

2024-09 Cumulative Update for Windows 11 for x64-based Systems (KB5043067)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

2024-09 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5043051)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

2024-09 Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5043064)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

2024-09 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5043064)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

2024-09 Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5043064)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

2024-09 Dynamic Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5043064)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

2024-09 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5043064)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

2024-09 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5043051)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

2024-09 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5043064)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

2024-09 Dynamic Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5043064)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

XenServer Security

Introduction We work hard to keep our product secure and endeavour to remediate any exploitable issues. To this end, we regularly release Security Bulletins for vulnerabilites that might affect Citrix Hypervisor and XenServer and software updates that address these vulnerabilities. Overview of th...

gnark's Groth16 commitment extension unsound for more than one commitment

Description The summary is that the proof of knowledge associated to a commitment is crucial to bind the commitment to the actual circuit variables that were supposed to be committed. However, the same σ is used for all proofs of knowledge for the commitments, which allows mixing between them,...

GHSA-Q3HW-3GM4-W5CR gnark's Groth16 commitment extension unsound for more than one commitment

Description The summary is that the proof of knowledge associated to a commitment is crucial to bind the commitment to the actual circuit variables that were supposed to be committed. However, the same σ is used for all proofs of knowledge for the commitments, which allows mixing between them,...

gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property

This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...

GHSA-9XCG-3Q8V-7FQ6 gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property

This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...