5 matches found
CVE-2022-49961 bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO
In the Linux kernel, the following vulnerability has been resolved: bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO. Precision markers need to be propagated whenever we have an ARG_CONST_* style argument, as the verifier cannot consider imprecise scalars to be equivalent for the purposes of...
kernel: bpf: Prevent decl_tag from being referenced in func_proto arg
A flaw was found in the BPF Type Format (BTF) validation. A crafted BTF blob can reference a decl_tag type from a func_proto argument, bypassing intended validation and potentially causing issues during BPF program verification...
goodmorninghotels.se Cross Site Scripting vulnerability OBB-3756195
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
HackerOne: A user can request a report to be retested even though the program has not been verified by HackerOne
Hey Team, I have some observations and issues which I found in my recent testing on the h1 platform related to creation of a new private program, so here are my observations listed below - kindly have a look and revert back if you feel like these are valid and worth reporting issues. 1 Can A program...
Proof that HMAC-DRBG has No Back Doors
New research: "Verified Correctness and Security of mbedTLS HMAC-DRBG," by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel. Abstract: We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its...