36 matches found
Institutional DeFi: Building Secure Bridges Between Decentralized Protocols and Corporate Treasury
Institutional DeFi helps corporations improve treasury liquidity, speed cross-border settlements, and manage capital using secure permissioned blockchain protocols...
EUVD-2022-6271
Malicious code in bioql PyPI...
From Permissioned to Proof-of-Stake Consensus
This paper presents the first generic compiler that transforms any permissioned consensus protocol into a proof-of-stake permissionless consensus protocol. For each of the following properties, if the initial permissioned protocol satisfies that property in the partially synchronous setting, the...
Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise
You don’t need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned...
Permissioned LLMs: Enforcing Access Control in Large Language Models
In enterprise settings, organizational data is segregated, siloed and carefully protected by elaborate access control frameworks. These access control structures can completely break down if an LLM fine-tuned on the siloed data serves requests, for downstream tasks, from individuals with disparat...
Securing the Software Package Supply Chain for Critical Systems
Software systems have grown as an indispensable commodity used across various industries, and almost all essential services depend on them for effective operation. The software is no longer an independent or stand-alone piece of code written by a developer but rather a collection of packages...
CVE-2024-49202
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0...
SecurePay: Enabling Secure and Fast Payment Processing for Platform Economy
Recent years have witnessed a rapid development of platform economy, as it effectively addresses the trust dilemma between untrusted online buyers and merchants. However, malicious platforms can misuse users' funds and information, causing severe security concerns. Previous research efforts aimed...
AC-LoRA: (Almost) Training-Free Access Control-Aware Multi-Modal LLMs
Corporate LLMs are gaining traction for efficient knowledge dissemination and management within organizations. However, as current LLMs are vulnerable to leaking sensitive information, it has proven difficult to apply them in settings where strict access control is necessary. To this end, we desi...
Decentralized Vulnerability Disclosure Via Permissioned Blockchain: a Secure, Transparent Alternative to Centralized CVE Management
This paper proposes a decentralized, blockchain-based system for the publication of Common Vulnerabilities and Exposures CVEs, aiming to mitigate the limitations of the current centralized model primarily overseen by MITRE. The proposed architecture leverages a permissioned blockchain, wherein on...
CVE-2024-49202
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0...
CVE-2024-49202
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0...
CVE-2024-49202
Keyfactor Command prior to v12.5.0 contains an Incorrect Access Control issue where access tokens have over-permissioned rights (64099). Reported across multiple sources, the vulnerability affects versions before 12.5.0 and fixes are provided in the following releases: 11.5.1.1, 11.5.2.1, 11.5.3....
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...
GHSA-C3H4-9GC2-F7H4 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...
CVE-2024-41799 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...
BIT-HYPERLEDGER-FABRIC-TOOLS-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
BIT-HYPERLEDGER-FABRIC-PEER-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
BIT-HYPERLEDGER-FABRIC-ORDERER-2022-36023 Remote denial of service in Hyperledger Fabric Gateway
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...
BIT-HYPERLEDGER-FABRIC-TOOLS-2022-36023 Remote denial of service in Hyperledger Fabric Gateway
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...