19 matches found
CVE-2026-46669
OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's tryhonestpairingcheck function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a...
EUVD-2026-36121
OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's tryhonestpairingcheck function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a...
CVE-2026-46669
OpenVM-pairing vulnerability CVE-2026-46669: the openvm-pairing guest library’s try_honest_pairing_check previously did not verify that the scaling factor s lies in a proper subfield of Fp12, allowing incorrect pairing results. The issue has been patched in version 1.6.0; users should upgrade to ...
CVE-2026-46669 `openvm-pairing` pairing check missing proper subfield check on scaling factor
OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's tryhonestpairingcheck function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a...
PT-2026-48536
OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try honest pairing check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a...
CVE-2026-31872
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level permission CLP can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation...
PT-2026-24635
Impact An attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through an improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with t...
EUVD-2018-8079
Malware in sbrugna...
The Tangent Space Attack
We propose a new method for retrieving the algebraic structure of a generic alternant code given an arbitrary generator matrix, provided certain conditions are met. We then discuss how this challenges the security of the McEliece cryptosystem instantiated with this family of codes. The central...
SUSE CVE-2016-4416
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet...
CVE-2018-16227
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-80211.c for the Mesh Flags subfield...
Design/Logic Flaw
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-80211.c for the Mesh Flags subfield...
CVE-2018-16227
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-80211.c for the Mesh Flags subfield...
CVE-2018-16227
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-80211.c for the Mesh Flags subfield...
CVE-2018-16227
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-80211.c for the Mesh Flags subfield...
DEBIAN-CVE-2016-4416
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet...
CVE-2016-4416
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet...
UBUNTU-CVE-2016-4416
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet...
CVE-2016-4416
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet...