Lucene search
K

17 matches found

Cvelist
Cvelist
added 2026/07/04 1:23 a.m.31 views

CVE-2025-71364 picklescan - Arbitrary Code Execution via Undetected asyncio.unix_events._UnixSubprocessTransport._start

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS0.00555EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.9 views

CVE-2025-71339

Affected software/component: Picklescan (versions prior to 0.0.33). Vulnerability/gadget: The numpy.f2py.crackfortran._eval_length gadget in pickle reduce methods can bypass safety validation, enabling arbitrary code execution when loading crafted pickle files. Impact (as stated): Arbitrary Pytho...

8.1CVSS6.2AI score0.00301EPSS
Exploits0References2
Qualys Blog
Qualys Blog
added 2026/05/05 12:45 p.m.9 views

Converge Connect: Unlock Lower Premiums with Proven Qualys Security

Key Takeaways Qualys, in collaboration with Converge, has launched an offering that ties your security posture to your cyber insurance costs. The Qualys Converge Connect Insurance Report CCIR supplements manual insurance questionnaires with objective, platform-generated, real-time security data...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.6 views

Rigorous Security Proofs for Practical Quantum Key Distribution

This thesis is concerned with rigorous security analyses of practical Quantum Key Distribution QKD protocols, using a variety of modern proof techniques. The main results are as follows. First, we establish a security proof for variable-length QKD protocols against IID collective attacks, and...

5.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2026/01/15 5:58 p.m.7 views

Your VMDR Year in Review: Making Security Progress Visible and Actionable

Security Teams Rarely Stop to Reflect When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/04 12:0 a.m.4 views

Enhancing NTRUEncrypt Security Using Markov Chain Monte Carlo Methods: Theory and Practice

This paper presents a novel framework for enhancing the quantum resistance of NTRUEncrypt using Markov Chain Monte Carlo MCMC methods. We establish formal bounds on sampling efficiency and provide security reductions to lattice problems, bridging theoretical guarantees with practical...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in ping-reductions (npm)

The package ping-reductions was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-29263 Malicious code in ping-reductions (npm)

The package ping-reductions was found to contain malicious code...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.6 views

Black-Box Crypto Is Useless for Pseudorandom Codes

A pseudorandom code is a keyed error-correction scheme with the property that any polynomial number of encodings appear random to any computationally bounded adversary. We show that the pseudorandomness of any code tolerating a constant rate of random errors cannot be based on black-box reduction...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

Cryptography from Lossy Reductions: Towards OWFs from ETH, and Beyond

One-way functions OWFs form the foundation of modern cryptography, yet their unconditional existence remains a major open question. In this work, we study this question by exploring its relation to lossy reductions, i.e., reductions$R$ for which it holds that $IX;RX \ll n$ for all distributions$X...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/30 12:0 a.m.4 views

The Planted Orthogonal Vectors Problem

In the $k$-Orthogonal Vectors $k$-OV problem we are given $k$ sets, each containing $n$ binary vectors of dimension $d=n^o1$, and our goal is to pick one vector from each set so that at each coordinate at least one vector has a zero. It is a central problem in fine-grained complexity, conjectured...

6.9AI score
Exploits0
PyPA
PyPA
added 2021/08/12 9:15 p.m.6 views

PYSEC-2021-548

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overfl...

7.3CVSS7.2AI score0.00167EPSS
Exploits0References2Affected Software1
The Coalfire Blog
The Coalfire Blog
added 2020/08/27 5:44 p.m.21 views

The impact of Covid-19 on SOC reporting

The audit cycle for organizations that receive SOC reports includes new challenges related to Covid-19. Remote workforces are now the norm throughout the world, which introduces new risks. For example, connecting to corporate networks using personal computers that may be infected with malware is...

1.9AI score
Exploits0
Akamai Blog
Akamai Blog
added 2020/07/17 6:35 p.m.33 views

Greening the Digital Economy

COVID-19 and related quarantine protocols have pushed the world even more online than it already was. Global energy consumption for all things digital has been increasing by about 9% per year between 2015 and 2020, and is tracking to be responsible for about 8% of greenhouse gas GHG emission by...

7.2AI score
Exploits0
OSV
OSV
added 2008/07/16 6:41 p.m.4 views

DEBIAN-CVE-2008-3196

skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack...

7.8CVSS6.8AI score0.01449EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2003/04/15 1:13 p.m.4 views

security flaw

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer multiplication algorithms...

5CVSS7.4AI score0.06393EPSS
Exploits0References4
OSV
OSV
added 2003/03/31 5:0 a.m.3 views

DEBIAN-CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer multiplication algorithms...

5CVSS8.9AI score0.06393EPSS
Exploits0References1
Rows per page
Query Builder