Lucene search

4750 matches found

Ubuntu
added 2025/06/17 12:46 a.m. · 4 views

USN-7572-1: KaTeX vulnerabilities

Juho Forsén discovered that KaTeX did not correctly handle certain inputs, which could lead to an infinite loop. If a user or application were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22....

CVSS 7.2 · AI score 6.5 · EPSS 0.01414
Exploits: 0
Packet Storm News
added 2025/06/12 12:0 a.m. · 3 views

Single Block On

In the digital age, individuals increasingly maintain active presences across multiple platforms ranging from social media and messaging applications to professional and communication tools. However, the current model for managing user level privacy and abuse is siloed, requiring users to block...

AI score 7.1
Exploits: 0
Fedora
added 2025/06/11 2:46 a.m. · 5 views

[SECURITY] Fedora 42 Update: qt6-qtserialbus-6.9.1-1.fc42

Qt Serial Bus API provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and others...

CVSS 8.4 · AI score 7.3 · EPSS 0.00309
Exploits: 0
Amazon
added 2025/06/10 12:0 a.m. · 16 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cow_file_range failed CVE-2024-57976 In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dup_mmap failures and uprobe registering...

CVSS 5.5 · AI score 6.2 · EPSS 0.00217
Exploits: 0
Packet Storm News
added 2025/06/08 12:0 a.m. · 4 views

ModelForge: Using GenAI to Improve the Development of Security Protocols

Formal methods can be used for verifying security protocols, but their adoption can be hindered by the complexity of translating natural language protocol specifications into formal representations. In this paper, we introduce ModelForge, a novel tool that automates the translation of protocol...

AI score 6.7
Exploits: 0
Packet Storm News
added 2025/06/03 12:0 a.m. · 4 views

Poster: FedBlockParadox -- a Framework for Simulating and Securing Decentralized Federated Learning

A significant body of research in decentralized federated learning focuses on combining the privacy-preserving properties of federated learning with the resilience and transparency offered by blockchain-based systems. While these approaches are promising, they often lack flexible tools to evaluat...

AI score 6.9
Exploits: 0
OSV
added 2025/05/29 1:9 a.m. · 1 views

MINI-C6HP-M8MC-X6F7

Bulletin has no description...

CVSS 5.5 · AI score 7.8 · EPSS 0.002
Exploits: 0
Ubuntu
added 2025/05/28 2:41 p.m. · 8 views

USN-7542-1: Kerberos vulnerability

It was discovered that Kerberos allowed the usage of weak cryptographic standards. An attacker could possibly use this issue to expose sensitive information. This update introduces the allow_rc4 and allow_des3 configuration options, and disables the usage of RC4 and 3DES ciphers by default. Users a...

CVSS 5.9 · AI score 6.9 · EPSS 0.00276
Exploits: 0
Packet Storm News
added 2025/05/27 12:0 a.m. · 4 views

Effect of Noise and Topologies on Multi-Photon Quantum Protocols

Quantum-augmented networks aim to use quantum phenomena to improve detection and protection against malicious actors in a classical communication network. This may include multiplexing quantum signals into classical fiber optical channels and incorporating purely quantum links alongside classical...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/05/25 12:0 a.m. · 4 views

A Quantitative Notion of Economic Security for Smart Contract Compositions

Decentralized applications are often composed of multiple interconnected smart contracts. This is especially evident in DeFi, where protocols are heavily intertwined and rely on a variety of basic building blocks such as tokens, decentralized exchanges and lending protocols. A crucial security...

AI score 6.8
Exploits: 0
RedhatCVE
added 2025/05/23 10:36 a.m. · 3 views

CVE-2024-45863

A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00...

CVSS 5.3 · AI score 6.9 · EPSS 0.00337
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 7:49 a.m. · 4 views

CVE-2024-20955

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit...

CVSS 3.7 · AI score 5 · EPSS 0.00524
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 5:11 a.m. · 7 views

CVE-2023-32328

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957...

CVSS 9.8 · AI score 6.6 · EPSS 0.00577
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 4:18 a.m. · 4 views

CVE-2023-41928

The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses...

CVSS 5.3 · AI score 6.9 · EPSS 0.00133
Exploits: 0
RedhatCVE
added 2025/05/23 3:50 a.m. · 12 views

CVE-2023-32766

Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three vscode: vscode-insiders: jetbrains-gateway:...

CVSS 6.1 · AI score 6 · EPSS 0.00555
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 3:22 a.m. · 7 views

CVE-2023-24533

Multiplication of certain unreduced P-256 scalars produces incorrect results. There are no protocols known at this time that can be attacked due to this...

CVSS 7.5 · AI score 6.7 · EPSS 0.00674
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 2:39 a.m. · 4 views

CVE-2023-23566

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...

CVSS 9.8 · AI score 6.8 · EPSS 0.00948
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 1:18 a.m. · 10 views

CVE-2022-30313

Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...

CVSS 7.5 · AI score 6.9 · EPSS 0.00722
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/23 12:0 a.m. · 6 views

PT-2025-22800 · Unknown · Sipass Integrated Ac5102 +1

Name of the Vulnerable Software and Affected Versions: SiPass integrated AC5102 ACC-G2, all versions; SiPass integrated ACC-AP, all versions. Description: A vulnerability has been identified where affected devices do not properly check the integrity of firmware updates. This could allow a local...

CVSS 8.2 · AI score 6.6 · EPSS 0.00144
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/22 10:48 p.m. · 11 views

CVE-2022-29957

The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...

CVSS 7.8 · AI score 7 · EPSS 0.0021
Exploits: 0 · References: 1