Lucene search
K

129 matches found

RedHat Linux
RedHat Linux
added 2025/06/25 12:16 a.m.4 views

undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server...

7.5CVSS7.3AI score0.01175EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/06/24 12:0 a.m.5 views

Verifiable Unlearning on Edge

Machine learning providers commonly distribute global models to edge devices, which subsequently personalize these models using local data. However, issues such as copyright infringements, biases, or regulatory requirements may require the verifiable removal of certain data samples across all edg...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/22 12:0 a.m.5 views

SecurityLingua: Efficient Defense of LLM Jailbreak Attacks Via Security-Aware Prompt Compression

Large language models LLMs have achieved widespread adoption across numerous applications. However, many LLMs are vulnerable to malicious attacks even after safety alignment. These attacks typically bypass LLMs' safety guardrails by wrapping the original malicious instructions inside adversarial...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.5 views

Quantum Enhanced Entropy Pool for Cryptographic Applications and Proofs

This paper investigates the integration of quantum randomness into Verifiable Random Functions VRFs using the Ed25519 elliptic curve to strengthen cryptographic security. By replacing traditional pseudorandom number generators with quantum entropy sources, we assess the impact on key security and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.4 views

Excessive Reasoning Attack on Reasoning LLMs

Recent reasoning large language models LLMs, such as OpenAI o1 and DeepSeek-R1, exhibit strong performance on complex tasks through test-time inference scaling. However, prior studies have shown that these models often incur significant computational costs due to excessive reasoning, such as...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.6 views

Detecting Hardware Trojans in Microprocessors via Hardware Error Correction Code-based Modules

Software-exploitable Hardware Trojans HTs enable attackers to execute unauthorized software or gain illicit access to privileged operations. This manuscript introduces a hardware-based methodology for detecting runtime HT activations using Error Correction Codes ECCs on a RISC-V microprocessor...

7.3AI score
Exploits0
Snyk
Snyk
added 2025/06/19 4:19 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

6.3CVSS6.8AI score0.0035EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/06/18 12:0 a.m.5 views

Tech-ASan: Two-Stage Check for Address Sanitizer

Address Sanitizer ASan is a sharp weapon for detecting memory safety violations, including temporal and spatial errors hidden in C/C++ programs during execution. However, ASan incurs significant runtime overhead, which limits its efficiency in testing large software. The overhead mainly comes fro...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.5 views

ObfusBFA: a Holistic Approach to Safeguarding DNNs from Different Types of Bit-Flip Attacks

Bit-flip attacks BFAs represent a serious threat to Deep Neural Networks DNNs, where flipping a small number of bits in the model parameters or binary code can significantly degrade the model accuracy or mislead the model prediction in a desired way. Existing defenses exclusively focus on...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/06/11 1:12 p.m.7 views

Important: Red Hat Security Advisory: perl-FCGI:0.78 security update

An update for the perl-FCGI:0.78 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rate...

5.3CVSS7AI score0.00516EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/06/10 12:0 a.m.6 views

ZTaint-Havoc: from Havoc Mode to Zero-Execution Fuzzing-Driven Taint Inference

Fuzzing is a widely used technique for discovering software vulnerabilities, but identifying hot bytes that influence program behavior remains challenging. Traditional taint analysis can track such bytes white-box, but suffers from scalability issue. Fuzzing-Driven Taint Inference FTI offers a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/08 12:0 a.m.9 views

NanoZone: Scalable, Efficient, and Secure Memory Protection for Arm CCA

Arm Confidential Computing Architecture CCA currently isolates at the granularity of an entire Confidential Virtual Machine CVM, leaving intra-VM bugs such as Heartbleed unmitigated. The state-of-the-art narrows this to the process level, yet still cannot stop attacks that pivot within the same...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.5 views

ARIANNA: an Automatic Design Flow for Fabric Customization and EFPGA Redaction

In the modern global Integrated Circuit IC supply chain, protecting intellectual property IP is a complex challenge, and balancing IP loss risk and added cost for theft countermeasures is hard to achieve. Using embedded configurable logic allows designers to completely hide the functionality of...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Compact and Selective Disclosure for Verifiable Credentials

Self-Sovereign Identity SSI is a novel identity model that empowers individuals with full control over their data, enabling them to choose what information to disclose, with whom, and when. This paradigm is rapidly gaining traction worldwide, supported by numerous initiatives such as the European...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Safety Alignment Can Be Not Superficial with Explicit Safety Signals

Recent studies on the safety alignment of large language models LLMs have revealed that existing approaches often operate superficially, leaving models vulnerable to various adversarial attacks. Despite their significance, these studies generally fail to offer actionable solutions beyond data...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Shill Bidding Prevention in Decentralized Auctions Using Smart Contracts

In online auctions, fraudulent behaviors such as shill bidding pose significant risks. This paper presents a conceptual framework that applies dynamic, behavior-based penalties to deter auction fraud using blockchain smart contracts. Unlike traditional post-auction detection methods, this approac...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/21 12:0 a.m.6 views

Zero-Trust Mobility-Aware Authentication Framework for Secure Vehicular Fog Computing Networks

Vehicular Fog Computing VFC is a promising paradigm to meet the low-latency and high-bandwidth demands of Intelligent Transportation Systems ITS. However, dynamic vehicle mobility and diverse trust boundaries introduce critical security challenges. This paper presents a novel Zero-Trust...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.6 views

When Mitigations Backfire: Timing Channel Attacks and Defense for PRAC-Based RowHammer Mitigations

Per Row Activation Counting PRAC has emerged as a robust framework for mitigating RowHammer RH vulnerabilities in modern DRAM systems. However, we uncover a critical vulnerability: a timing channel introduced by the Alert Back-Off ABO protocol and Refresh Management RFM commands. We present...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/14 12:0 a.m.6 views

Privacy-Preserving Runtime Verification

Runtime verification offers scalable solutions to improve the safety and reliability of systems. However, systems that require verification or monitoring by a third party to ensure compliance with a specification might contain sensitive information, causing privacy concerns when usual runtime...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/13 12:0 a.m.6 views

Area Comparison of CHERIoT and PMP in Ibex

Memory safety is a critical concern for modern embedded systems, particularly in security-sensitive applications. This paper explores the area impact of adding memory safety extensions to the Ibex RISC-V core, focusing on physical memory protection PMP and Capability Hardware Extension to RISC-V...

6.9AI score
Exploits0
Rows per page
Query Builder