17 matches found
CVE-2025-71364 picklescan - Arbitrary Code Execution via Undetected asyncio.unix_events._UnixSubprocessTransport._start
picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...
CVE-2025-71339
Affected software/component: Picklescan (versions prior to 0.0.33). Vulnerability/gadget: The numpy.f2py.crackfortran._eval_length gadget in pickle reduce methods can bypass safety validation, enabling arbitrary code execution when loading crafted pickle files. Impact (as stated): Arbitrary Pytho...
Converge Connect: Unlock Lower Premiums with Proven Qualys Security
Key Takeaways Qualys, in collaboration with Converge, has launched an offering that ties your security posture to your cyber insurance costs. The Qualys Converge Connect Insurance Report CCIR supplements manual insurance questionnaires with objective, platform-generated, real-time security data...
Rigorous Security Proofs for Practical Quantum Key Distribution
This thesis is concerned with rigorous security analyses of practical Quantum Key Distribution QKD protocols, using a variety of modern proof techniques. The main results are as follows. First, we establish a security proof for variable-length QKD protocols against IID collective attacks, and...
Your VMDR Year in Review: Making Security Progress Visible and Actionable
Security Teams Rarely Stop to Reflect When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed...
Enhancing NTRUEncrypt Security Using Markov Chain Monte Carlo Methods: Theory and Practice
This paper presents a novel framework for enhancing the quantum resistance of NTRUEncrypt using Markov Chain Monte Carlo MCMC methods. We establish formal bounds on sampling efficiency and provide security reductions to lattice problems, bridging theoretical guarantees with practical...
Malicious code in ping-reductions (npm)
The package ping-reductions was found to contain malicious code...
MAL-2025-29263 Malicious code in ping-reductions (npm)
The package ping-reductions was found to contain malicious code...
Black-Box Crypto Is Useless for Pseudorandom Codes
A pseudorandom code is a keyed error-correction scheme with the property that any polynomial number of encodings appear random to any computationally bounded adversary. We show that the pseudorandomness of any code tolerating a constant rate of random errors cannot be based on black-box reduction...
Cryptography from Lossy Reductions: Towards OWFs from ETH, and Beyond
One-way functions OWFs form the foundation of modern cryptography, yet their unconditional existence remains a major open question. In this work, we study this question by exploring its relation to lossy reductions, i.e., reductions$R$ for which it holds that $IX;RX \ll n$ for all distributions$X...
The Planted Orthogonal Vectors Problem
In the $k$-Orthogonal Vectors $k$-OV problem we are given $k$ sets, each containing $n$ binary vectors of dimension $d=n^o1$, and our goal is to pick one vector from each set so that at each coordinate at least one vector has a zero. It is a central problem in fine-grained complexity, conjectured...
PYSEC-2021-548
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overfl...
The impact of Covid-19 on SOC reporting
The audit cycle for organizations that receive SOC reports includes new challenges related to Covid-19. Remote workforces are now the norm throughout the world, which introduces new risks. For example, connecting to corporate networks using personal computers that may be infected with malware is...
Greening the Digital Economy
COVID-19 and related quarantine protocols have pushed the world even more online than it already was. Global energy consumption for all things digital has been increasing by about 9% per year between 2015 and 2020, and is tracking to be responsible for about 8% of greenhouse gas GHG emission by...
DEBIAN-CVE-2008-3196
skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack...
security flaw
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer multiplication algorithms...
DEBIAN-CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer multiplication algorithms...